If you’re like me, you can count your usernames and passwords on one hand. How else can we remember the identities we need to access the dozens of websites we use and unlock our PCs, smartphones and tablets?
If someone hacked into just one website you use and stole your identity, imagine the pain they could inflict elsewhere. They could go to an online retailer and place an order using your saved credit card or transfer money from your bank account.
Identity theft is an even greater concern for those who own a business. Consider the security — or lack thereof — for the websites you use to send cash to drivers, to pay bills, to receive payments from customers, and dispatch trucks with high-value loads.
What are the chances people in your office use the same credentials to access these websites that they use to access their own personal e-mail accounts and websites? Also, what if a hacker stole the identity of one of your customers, logged into your website and found sensitive information on your shipments?
Other information like freight contracts and legal documents passes through your e-mail servers all the time. Are you really sure who is looking at it?
Of all the cyber security breaches where confidential information is exposed or gathered, 76 percent are caused by weak or stolen credentials, according to the Verizon 2013 Data Breach Investigations Report.
Now contrast the level of security of a username and password to that of a debit card. Your username-password credentials have one security factor. If someone steals or guesses them, you’ve lost your identity. The debit card has two security factors: 1) the user’s credentials — in this case a PIN; and 2) user verification. Having the card in your possession, especially if the clerk asks to see your driver’s license to match the name on the card, is proof the transaction is secure.
A second factor is more powerful than you may think. The Verizon Data Breach Report, which was referenced earlier, found that no breaches occurred when a second security factor was involved.
Recently I spoke with Verizon about its unique cloud-based identity platform with a “multifactor” authentication process. The platform, Universal Identity Services (UIS) from Verizon Enterprise Solutions, has been available in the United States for over a year and is now available in Europe.
Any type of business, large or small, can use this platform to add more security to a variety of transactions, says Tracy Hulver, chief identity strategist with Verizon Enterprise Solutions.
The “multifactor” authentication process of UIS verifies that the user is exactly who they say they are. It combines an individual’s username-password with a computing device that generates a one-time password or a biometric scan, such as fingerprint recognition (available on the iPhone 5). Once authenticated, users can securely access online content such as websites and corporate resources.
On a practical level, the process would work like this: you enter a username-password into a website. If this website were hooked into the UIS cloud service, you would be asked for a one-time password to complete the login process. Meanwhile, a one-time password is instantly sent from the cloud service to a UIS app installed on your smartphone or tablet.
You enter the one-time password into the website to verify your identity. This works because the device on which you received the password is physically present with you. When you downloaded the UIS app onto your device, you had to go through an identity proofing process.
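The flow above, seen from the website's side, as an added example (not Verizon's code or the UIS API): the one-time password is random, short-lived, single-use and limited to a few guesses. The `OtpChallengeStore` name, the 120-second lifetime and the three-guess limit are assumptions, and delivery of the code to the device is left out.

```python
import hmac
import secrets
import time

OTP_TTL_SECONDS = 120  # assumed lifetime of a code
MAX_ATTEMPTS = 3       # assumed number of guesses allowed per code


class OtpChallengeStore:
    """Pending second-factor challenges, one per user (hypothetical helper)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # username -> [code, expires_at, attempts_left]

    def issue(self, username):
        """Call only after the username-password check has passed.

        Returns the code that the service would push to the enrolled device.
        """
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.random()
        self._pending[username] = [code, self._clock() + OTP_TTL_SECONDS, MAX_ATTEMPTS]
        return code

    def verify(self, username, submitted):
        """Check the code typed into the website; True completes the login."""
        entry = self._pending.get(username)
        if entry is None:
            return False  # nothing pending, or the code was already used
        code, expires_at, _ = entry
        if self._clock() > expires_at:
            del self._pending[username]
            return False  # expired codes are discarded
        entry[2] -= 1
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(code.encode(), submitted.encode()):
            del self._pending[username]  # single use: a replay finds no entry
            return True
        if entry[2] == 0:
            del self._pending[username]  # guess limit reached, force a new code
        return False
```

Passing a fake `clock` makes the expiry path testable without waiting for the code to time out.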
The latest release of UIS, announced Tuesday, Oct. 16, includes the option to use a QR code for login instead of entering a one-time password. The user scans a QR code that appears on the screen with their smartphone to complete the login process. This method also verifies the identity of the user since the user had to enter a PIN to log into the smartphone and scan the code.
One reason this multifactor authentication process is not more prevalent on the websites you visit today, such as those of your bank or favorite online retailers, is that these companies are concerned about losing customers. Introducing a more complicated login process that requires the user to get a one-time password from a smartphone may seem a bit unusual. The customer might just decide to go to a competitor’s website instead and ignore the extra security benefits, Hulver says.
Examples of where this platform could make a difference to motor carriers include securing the exchange of documents that require legally binding digital signatures, such as freight contracts and driver background checks during the recruiting process. It could also verify that remote employees are the ones actually logging into your company’s network from smartphones and other devices with an Internet connection. Realistically, any information that could use an extra layer or “factor” of security would be a good candidate.