APPraisal
Our first app, which we anticipate rolling out sooner rather than later this month, will feature a pin-pad recognition of faces that results in an authentication token in this case in the form of a QR code.
This is more common than you might think and getting commoner, although the single case most of you will be familiar with will be at airline check-in, where a barcode will as often as not substitute for a printed boarding pass.
Authentication of who we are can be resolved by three methods: something we ARE like a fingerprint, something we KNOW like a familiar face or PIN code and something we HAVE like a token or ID card.
Increasingly and perhaps sadly, more than one such means will be necessary and this is why our app will be applicable to a variety of transactional scenarios.
The token in the photo for instance shows the Swiss/German TAN code (Transaction Authentication Number) used for banking applications. From what I can see, having logged on to online banking the user is presented with a specific code to authorise a transaction, which is photographed on a separate device and returned to the bank.
The user has then to pick the number given to the transaction from a list of a hundred randomised numbers in order to get the go-ahead. If that sounds tedious, alternatives include the bank returning a beloved captcha upon receipt of said TAN code.
It is probably a sign of the times that bloggers are giving this 4/5 for ease of use, tho' compared to posting a cheque or taking a walk to the bank (as my room-mate did at university back in the day), it possibly is.
It is still breakable apparently should the impostor know your login and passcode in the first instance... which is why block-locks including familiar faces are an altogether better solution, because that password at the very outset is the Achilles heel of the system that we have examined here.
I write too the week that three more hacks make the news: Ticketmaster confirm that half a billion (!!!) of their customers are at risk of financial loss after a data breach, and TikTok say their celebrity accounts have been compromised. Meantime in the UK many medical services in and around London are suspended due a ransomware attack on a company called Synnovis who provide screening services to hospitals and clinics.
The latter was undertaken by a Russian outfit that attracts little scrutiny domestically because they serve the purposes of current war aims in Europe... something that may be worth considering on this 80th anniversary of the D-day landings.
Supporting secure access means which sub faces for PINs is your duty, soldier!