Enhancing Security with TrustBuilder’s Passwordless MFA Solution: Introducing QR Code Authentication
In the rapidly changing landscape of cybersecurity, organizations are continuously searching for ways to enhance their authentication processes and safeguard sensitive data. With a deep understanding of the need for stronger security measures, TrustBuilder is excited to unveil a substantial update to its Passwordless Multifactor Authentication (MFA) solution. This update introduces a cutting-edge authentication method, QR code scanning, which offers even greater convenience and security for users. Notably, QR code scanning serves as an effective countermeasure against push bombing attacks. In this blog post, we will delve into the details of this new feature and explore the multitude of benefits it brings to organizations and end-users alike.
How to fight push bombing In a nutshell
TrustBuilder’s philosophy when building cybersecurity solutions has always been to combine a very high level of security with the largest compatibility and accessibility possible. This unique proposition has been the cornerstone of the inWebo MFA success and today’s evolutions under the TrustBuilder brand are no exception.
- Turn your workstation and/or your browser into a trusted device = thanks to its unique Browser and desktop tokens, TrustBuilder makes sure a hacker cannot takeover your account even with stolen credentials
- QR code scan working on all devices, with or without a camera = QR code scan authentication gets rid of unsolicited notifications, is much more secure than number matching and its combination with deeplinking technology makes it a breeze to use.
What is Push Bombing?
What enables a push bombing attack?
Operation initiated from an unknown environmentAcquiring a list of credentials is now an easy first step to gain access to a user’s account and initiate a push bombing attack. If no additional checks are performed, it can be triggered from any browser.
Operation unlocked with a single tap of OKEnforcing two-factor authentication (2FA) solely with a login, password and possession factor (tap OK) increases the impact of push bombing, as end-users can accept by habits.
Lack of security awarenessLack of preventive actions to help users develop the right reflexes to identify suspicious authentication requests.
Introducing QR Code Scan Authentication
How Does QR Code Authentication Work
QR Code Authentication, the TrustBuilder Way
TrustBuilder’s version of QR code scan authentication offers specific benefits in terms of both security and user experience.
Very high Security
- Protects against social engineering
- QR codes are linked to a user account and cannot be used on other devices without a trusted device.
- Since there is no retyping by the end user involved in the process (unlike other methods like number matching), QR codes can carry complex and lengthy data (like a session id) much more difficult to hack than a two-digit code.
- QR codes have a short validity time to prevent mass generation and upfront sending.
- Reduces user acceptance in error
- Link the channel on which the transaction was initiated with the channel on which the transaction is validated.
- There is no way to access the pending transaction without the information embedded in the QR code and authentication of the trusted device.
Improved User Experience
- Eliminates unsolicited push notifications
- Push notifications have been replaced by QR code scanning. Users are shown the transaction to validate.
- Adapts to user habits
- Nowadays, users scan a QR code to get a restaurant menu, directions to a location, more information on a product or to download an app on the App Store or Google Play. It has become a mundane operation for most users.
- Works from a browser on your trusted device
- Deeplinks are available so that if you are working from your trusted device, you can authenticate directly from it rather than having to rely on an additional enrolled device
- Works with a simple camera scan – no need to launch the dedicated app
- Deeplinks are available to automatically launch the TrustBuilder Authenticator App when the user scans the QR code
TrustBuilder’s major update to its Passwordless MFA solution, introducing QR code scan coupled with deeplinking to make the experience totally seamless, revolutionizes the world of authentication methods. By adopting this efficient and innovative approach, organizations not only enhance security, simplify user experience, and reduce costs associated with traditional MFA solutions, but also effectively mitigate the threat of push bombing attacks.
With TrustBuilder’s ongoing commitment to continuous improvement and addressing evolving security needs, organizations can confidently embrace QR code authentication as a powerful method of step-up authentication, ensuring both security and convenience for all stakeholders involved.