How to switch to passwordless authentication in 3 lines of code - TrustBuilder

In the digital world, it is a given that enhancing the security of a system inevitably involves a degradation of the user experience. Yet, by choosing the right multi factor authentication (MFA) solution, you can simplify the day-to-day user login experience and benefit from an implementation without any significant development effort.

Author: Romain Breysse, Cybersecurity Engineer

After working for 10 years in the telecom industry on numerous products in different positions (IT, marketing, pre-sales) in France and abroad, Romain joined inWebo to learn more about the dynamic cyber industry.

As a pre-sales engineer at inWebo, Romain helps our prospects and customers implement our strong authentication solution and apply best practices in terms of cyber defense.

In the digital world, it is a given that enhancing the security of a system inevitably involves a degradation of the user experience.

Our daily experience proves it every time we log in with the famous password: every year we have to increase the length of our passwords, add exotic characters, lower case, upper case, etc. In short, we increase the complexity to strengthen the security of our accesses.

We have no choice: in this connected world, cyber attacks are multiplying and making the headlines every week – social engineering, password leakage, phishing, malware, ransomware etc. Drastic measures must be put in place within companies to combat these new threats. IT security has become indispensable.

So when the CISO announces that he is going to increase security, users get scared, they shake: what are we going to have to do tomorrow to access our e-mails:

  • Type a 20 character password? Somebody PLEASE help!
  • Use an extra physical key? I already have enough keys!
  • ZeroTrust security? I won’t have access to anything?
  • A passwordless policy? But where’s the security?
  • Or add multi factor authentication on all accesses? What is this barbaric name, will it be worse than the password? … Nooo!

In this article, we will explain that these fears are not inevitable and we will show you, with a technical demonstration, how inWebo MFA can actually improve the user experience while increasing security!

No more passwords. Long live the Passwordless!

Everyone uses a password; over the years we have learned to log in with the login/password combination.

However, with the growth of computing power and the networking of all applications, the security level is getting lower by the day: protecting bank and client accounts with a simple password is careless.

Of course, we can always choose a longer and/or more complex password to enhance security but the negative impact is immediate on the user experience.

This method is not viable over time and is already showing its limits today both humanly and technically.

Does multi factor authentication (MFA), an essential protection, make the customer experience more complex?

In the face of new threats, regulations are tightening to protect access more effectively. In response, technologies are emerging to replace the password, such as strong authentication.

Strong authentication involves combining different factors to confirm a user’s identity by generating a one-time password (OTP) for each connection:

  • What I own: a possession factor unique for each user (a token)
  • What I know: a knowledge factor only known by the user
  • What I am: a biometric factor such as a fingerprint, necessarily unique to the user

For instance, the European PSD2 regulation requires banks and online retailers to secure access with strong customer authentication as soon as possible (the deadline is regularly pushed back because the players are not yet ready). Banks have reinforced security so far by sending a one-time password by SMS but even this technique shows its limits in terms of security and ease of use.

Numerous articles are flourishing on the Internet to point out the complexity of MFA (multi factor authentication), which risks pushing users to give up online shopping, hurting online retailers’ bottom line.

This fear is unfounded; inWebo has developed the right answer: passwordless multi factor authentication, with a very high security level and providing an even simpler user experience than the login/password combination.

How inWebo's passwordless MFA solution streamlines the user experience

Passwordless: What if you could swap your password for a simple PIN code and reach a higher security level?

Today, on a daily basis, your user types a 10 character password like “Im_FrgttngMyPwd?”. This is not very practical.

Tomorrow, with inWebo, switch to passwordless and allow your user to log in simply by typing an easy-to-remember PIN code (a 4 or 6 digit knowledge factor) into their possession factor, such as our browser token, which will be your user’s default browser.

In short, passwordless multi factor authentication by inWebo MFA

  • What I own: a possession factor unique for each user (a token)
  • What I know: a knowledge factor only known by the user

How is that possible? How can you ensure access security with only a 4 digit PIN code?

It is important to understand that the 4 digits are only one of the factors needed to authenticate. These 4 digits alone are of no use. They can only be used on the possession factor created by the user: in the example above, a browser token chosen and created during the enrollment phase.

Entering the knowledge factor is only possible on a browser that has been transformed into a possession factor, in other words a trusted browser.

On the other hand, we are talking about a knowledge factor and not a classic password: the knowledge factor is not transmitted via the network at each authentication and is not stored in a classic database. As a result, it cannot be attacked like a regular password.

How will a user create his possession factor, his token?

To be able to authenticate, the user will have to take an extra step to create his possession factor. This step only needs to be done the first time: in everyday life, he will only have to enter his PIN code.

This procedure, called enrollment, takes about 1 minute: the user will, for example, receive an e-mail with a link that he will have to click. A new page will then open in his default browser to ask him to set his knowledge factor.

That’s it. It’s over. The user has just defined his two factors: by creating both a browser token (his default browser) and his knowledge factor. Fast and efficient.

He can now authenticate himself only through the specific browser that has become his possession factor by typing his knowledge factor.

Before / After inWebo’s passwordless MFA

Forget the password headache

Simplify the login experience

This is how inWebo’s multi factor authentication drastically simplifies the user experience.

As an additional benefit, we also found that support teams received fewer requests to reset forgotten or blocked passwords. Users will inevitably make fewer mistakes with a simple knowledge factor in the form of a PIN code to remember.

Everybody wins: users and IT support teams.

How to migrate to passwordless multi factor authentication in the blink of an eye

Today you use a login/password pair to let your users authenticate. Technically, it is a simple HTML form whose data you validate against your database.

To turn this form into a passwordless multi factor authentication, you just have to:

  • add 3 lines of code,
  • add a JavaScript function,
  • hide the original form, then make an API call to our platform.

One line to initialize the inWebo library:

A javascript function that will launch the inWebo browser token when the page loads.

Two lines of code then within your web page that will replace your current login/password form. This part manages the display of the inWebo user interface.
 
That’s it: you are now able to do multi factor authentication and generate one-time passwords using inWebo’s technology.

All you have to do is retrieve the one-time password (OTP) generated by our browser token. It will be automatically “posted” in the password field of your form, and you can then have it validated by our SaaS platform using our AuthenticateExtended API.

In short, the following process will have been put in place:

  • inWebo generates an OTP: the inWebo browser token (Deviceless MFA) generates an OTP
  • Your form receives the OTP: your form retrieves the OTP in the “password” field which is validated through an API call to
  • inWebo confirms the OTP: inWebo’s SaaS platform validates the OTP

You can of course go further and customize the solution in a significant way. To this end you can find our online documentation with code examples to get you started faster.

From experience, a single developer can implement our solution in less than an hour with our standard design and in 2 days for a more advanced integration with your own design!
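
The server side of the flow described above, as an added example (not inWebo's code and not from the original article): hiding the password form in the browser does not remove the server's login endpoint, so this handler treats the posted value strictly as an OTP and denies access unless the platform explicitly confirms it. `verifyOtp` is a hypothetical wrapper around the AuthenticateExtended call (its request format is not shown on this page); the `login` field name and the length bound are also assumptions.

```javascript
// ASSUMPTION: verifyOtp(login, otp) is a hypothetical wrapper around the
// AuthenticateExtended call; it resolves to true only when the platform
// confirms the OTP.
const MAX_FIELD_LEN = 128; // constructed bound, not an inWebo limit

function readField(form, name) {
  const v = form[name];
  // Reject arrays/objects smuggled in by a body parser, plus empty or oversized values.
  if (typeof v !== "string") return null;
  const t = v.trim();
  return t.length > 0 && t.length <= MAX_FIELD_LEN ? t : null;
}

function withTimeout(promise, ms) {
  let timer;
  const timeout = new Promise((_, reject) => {
    timer = setTimeout(() => reject(new Error("timeout")), ms);
  });
  // Clear the timer whichever side wins so no stray timer is left behind.
  return Promise.race([promise, timeout]).finally(() => clearTimeout(timer));
}

async function handleLogin(form, verifyOtp, timeoutMs = 3000) {
  const login = readField(form, "login"); // assumed field name
  const otp = readField(form, "password"); // the browser token posts the OTP here
  if (login === null || otp === null) {
    return { authenticated: false, reason: "bad_request" };
  }
  let confirmed;
  try {
    confirmed = await withTimeout(verifyOtp(login, otp), timeoutMs);
  } catch (err) {
    // Platform unreachable or slow: deny. No fallback to the old password check.
    return { authenticated: false, reason: "verifier_unavailable" };
  }
  // Only an explicit boolean true counts; truthy strings or objects do not.
  if (confirmed !== true) {
    return { authenticated: false, reason: "otp_rejected" };
  }
  return { authenticated: true, login };
}
```
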

Enhance the login experience and effortlessly switch to passwordless

So, no more excuses for not securing your applications. You can either continue with an insecure password that is tedious for your users and remain exposed to all the existing computer attacks, OR reinforce your security with a strong AND simple authentication for your users!

The 2 messages to remember are:

Simplifies the user experience

Multi factor authentication does not complicate the daily user experience. On the contrary, it streamlines it.

Quick and easy to implement

inWebo MFA can be implemented very efficiently without any significant development effort.
