It sounds paradoxical that the CEO of a security company such as Securitas had his digital identity stolen. But this is what happened to Alf Göransson, the general director of said company in Sweden.
The damage this caused, not only to Göransson himself but also to Securitas and to the bank that granted the loan to the hacker, shows the importance of validating your clients’ digital identity.
In this post we explain the concepts of digital identity authentication and validation, and we explain the 5 extra authentication methods that we offer in Signaturit.
Differences between identification and authentication systems
To identify yourself is to say who you are
In the case of interactions between humans, if for example you ring your neighbor’s doorbell, to the question “who is it?” you will respond with your name. You are identifying yourself.
Authenticating yourself is proving that you are who you say you are
When your neighbor looks through his peephole, your face will serve to authenticate yourself. He will know that you are who you say you are, because he will recognize you for your physical traits. He will recognize your identity.
Human beings can recognize the identity of others – authenticate them – through biometric features such as facial features, voice, the way of walking, etc. Specifically, the face is the main source of information that our brain uses to recognize the identity of others.
“For human beings, a face is the most distinctive physical trait and is widely used to determine a person’s identity.” – Bruce & Young, 1986
In the case of computer systems, the definitions of identification and authentication are the same as for humans.
When you want to access a computer system, you identify yourself through your username, and allow the system to authenticate you through your password.
Your password is something that you know (in theory only you) and the system uses this factor to verify that you are who you say you are.
For example: a way that banks use to authenticate users is a PIN number, which is also something that only you know. Usually you first identify yourself with your ID and your date of birth. This way, you are telling the system who you are. And later you authenticate yourself through your PIN number, which is used to prove that you are who you say you are.
When you authenticate yourself, you verify your identity.
That means that you allow the system to confirm your identity with a reasonable level of confidence.
What types of authentication systems are there?
Authentication systems can be classified into three large groups, according to the elements or factors that each system uses to verify a user’s identity (i.e. to authenticate the user):
- Systems based on something the user knows: passwords.
- Systems based on something the user has: smart cards or tokens.
- Systems based on something the user is, or biometric authentication systems: those based on physical traits of the user.
Biometric authentication systems can use any single trait of a person that can be measured.
Although there are many characteristics that uniquely distinguish each of us – from our way of walking to our body odor – these systems usually use the following features:
- Physical features: iris or retina in the eye, fingerprints, geometric features of the hands, etc.
- Behavioral features: handwriting and signature, voice, pulse, etc.
Biometric authentication systems are the safest of all, since the unique and measurable physical traits of each person are impossible to falsify.
However, passwords can be easily stolen or falsified. The same goes for smart cards or credit cards, whose magnetic stripes contain information related to the owner.
The theft of digital identities is a cybercrime that occurs more frequently than we think. In Sweden, a country that is taking firm steps towards achieving full digitization, more than 12,000 identities were hacked during the first 6 months of 2017. Among them was the identity of Alf Göransson, CEO of Securitas in that Nordic country.
How to authenticate a user?
Generally, any system requests two factors in order to authenticate a user:
1. An identifier
It allows the user to say who he/she is, i.e. to identify him/herself.
For example: name and surname, username (nickname) or email address.
2. One or more authentication elements or factors
These are the factors that allow the system to verify that the user is who he/she claims to be. They can be something that the user knows (password), something he/she has (smart card) or something that he/she is (biometric feature).
If in addition to the identifier, the system only asks the user for one authentication factor, we will be talking about a two-factor authentication. If it requests more than one authentication factor, in addition to the identifier, we are talking about multifactor authentication.
Do not confuse two-factor authentication with two-step authentication. We have already spoken about that in this post: Is two-step authentication via SMS truly secure?
What characteristics should an authentication system have?
In order to choose a secure authentication system, we need to make sure that it meets the following requirements:
- Reliability: the probability of error must be minimal.
- Viability: it should be economically accessible for the company that wants to implement it. If it costs more than the data that needs to be protected, then we will be selecting the wrong authentication system for our company.
- Security: it must be resistant to possible cyberattacks.
- Usability: it must be easy to use for the client or user to be authenticated.
What authentication systems does Signaturit have?
In Signaturit we offer 5 authentication systems that allow you to authenticate or confirm the identity of the signers with a reasonable level of confidence. These systems can be used as a complement to an advanced electronic signature.
Of these five authentication systems, one is biometric – voice verification – and the rest are authentication methods based on something the user has: a photo, a file, an SMS or an ID card.
1. Photo authentication
This method allows you to validate the signer’s identity through a photo. Our system allows you to send a signature request and include, as a mandatory requirement, that the signer attach a picture of him/herself. This picture allows you to recognize the signer.
2. Voice authentication
Voice authentication is a biometric method of authentication. With the voice authentication system you can request that the signer records a voice file and attaches it to the document to be signed. This way you can recognize the signer by his/her voice.
3. Authentication via an attachment
Another option is to require the signer to attach a file to the document that you sent him/her to sign. It can be an official certificate or something related to your company that proves that the signer’s identity is valid.
4. SMS Authentication
Validation via SMS is one of the most widely used authentication methods. It consists of sending an SMS with a code to the signer’s mobile phone. The signer should enter this code in order to open the document and sign it.
5. Authentication through recognizing identity documents
This identity document authentication system, known as authentication through optical character recognition (OCR technology), consists of reading the MRZ code that these documents – ID documents or passports – contain and comparing it with the rest of the data to determine whether anything has been altered.
We offer two options to use this last method:
- The user has to take a photo of both sides of his/her ID card. By uploading it to Signaturit we are able to capture the ID’s information and validate that it has not been manipulated.
- The user has to attach a photo of his/her ID card already stored on his/her computer. In this case, we also capture the data and validate that the information has not been manipulated.
Technically, what we do is verify the MRZ code of the ID, which is the code that appears on the back of the ID and is unique for each person. This code is generated through an algorithm, and is based on the information that each ID contains.
Therefore, if someone modifies some data on an ID, the MRZ code would no longer match the scanned information, and our system would detect it as an invalid ID.
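The consistency check described above can be illustrated with the check-digit rule that ICAO Doc 9303 defines for machine-readable zones. This is an added example, not Signaturit's code: it assumes the document follows ICAO 9303, covers only the second line of a passport-format (TD3) MRZ, uses the ICAO specimen line as sample input, and its function names are hypothetical.

```python
import string

# ICAO Doc 9303 character values: digits keep their value, A-Z map to 10-35,
# and the filler character '<' counts as 0. Weights repeat 7, 3, 1.
_VALUES = {c: i for i, c in enumerate(string.digits + string.ascii_uppercase)}
_VALUES["<"] = 0
_WEIGHTS = (7, 3, 1)


def check_digit(field: str) -> int:
    """Weighted sum of the field's character values, modulo 10."""
    return sum(_VALUES[c] * _WEIGHTS[i % 3] for i, c in enumerate(field)) % 10


def verify_td3_line2(line2: str) -> dict:
    """Check every check digit in the second line of a TD3 (passport) MRZ.

    Returns {field_name: bool}. Raises ValueError on malformed input.
    """
    if len(line2) != 44 or any(c not in _VALUES for c in line2):
        raise ValueError("TD3 line 2 must be 44 characters from 0-9, A-Z, '<'")
    # (field name, data covered by the check digit, index of the check digit)
    fields = [
        ("document_number", line2[0:9], 9),
        ("birth_date", line2[13:19], 19),
        ("expiry_date", line2[21:27], 27),
        ("personal_number", line2[28:42], 42),
        ("composite", line2[0:10] + line2[13:20] + line2[21:43], 43),
    ]
    results = {}
    for name, data, pos in fields:
        stated = line2[pos]
        # An all-filler optional field may carry '<' instead of '0'.
        if name == "personal_number" and stated == "<" and set(data) == {"<"}:
            results[name] = True
            continue
        results[name] = stated.isdigit() and int(stated) == check_digit(data)
    return results


# ICAO 9303 specimen passport line (fictional holder), used as sample input.
SPECIMEN = "L898902C36UTO7408122F1204159ZE184226B<<<<<10"
# Constructed tampering: birth date 740812 -> 740813, check digits untouched.
TAMPERED = SPECIMEN[:18] + "3" + SPECIMEN[19:]

if __name__ == "__main__":
    print(verify_td3_line2(SPECIMEN))
    print(verify_td3_line2(TAMPERED))
```

The check digits are an unkeyed checksum, so a pass shows that the scanned fields are internally consistent; it is one signal to combine with the other document checks rather than proof of authenticity.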
In the following link you have all the information necessary to use any of these identification systems with Signaturit: Send a document to sign with several extra authentication steps.
If you need more specific information or you would like some advice regarding what types of authentication systems should be implemented in your company, don’t hesitate to get in touch with us.
If you prefer, you can try our five authentication systems directly. You only need to register in Signaturit and you’ll have free access for 14 days to these and all other functionalities that we offer.