BYOD and off-premises access to on-prem and/or behind-the-firewall resources are a huge problem for IT security.

Don't feed the phish. Image credits to the University of Idaho.

Google has been testing new/different/alternative ways for their customers to authenticate (i.e., identify themselves). The addition of your phone into multi-factor authentication (MFA) is not new. What is slightly new is how the phone is used. Google Authenticator (the “standard” way of adding your phone to MFA) is a pain – who wants to type in a number? There’s no password on Google Authenticator.

This new experiment relies on possession of the phone to enable access.  An interesting concession to convenience.

Here’s my (free to use) suggestion for phone-based MFA:

  1. An authentication request pushes a notification to the phone
  2. Opening the alert takes you to the New and Improved Google Authenticator
  3. Fingerprint authentication is required for the Google Authenticator app
  4. BIG BUTTON that reads “Do you want to login to Application X?”
  5. Tap yes

Dear Google – off you go to implement please.
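
The five steps above can be sketched as a challenge-response exchange between a server and the phone. This is an added example, not code from this post or from Google: the shared HMAC device key stands in for a key the phone releases only after a fingerprint match, and every name in it (`PushMfaServer`, `phone_approve`, `approval_tag`, `CHALLENGE_TTL`) is hypothetical.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL = 60  # seconds a push request stays valid (assumed value)


def approval_tag(key, nonce, user, app):
    """MAC over the exact nonce, user and application name shown on the button."""
    msg = "\x1f".join((nonce, user, app)).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class PushMfaServer:
    def __init__(self, device_key):
        self.device_key = device_key  # enrolled per-device key (assumption)
        self.pending = {}             # nonce -> (user, app, expiry)

    def start_login(self, user, app, now=None):
        """Step 1: build the challenge that is pushed to the phone."""
        now = time.time() if now is None else now
        nonce = secrets.token_hex(16)
        self.pending[nonce] = (user, app, now + CHALLENGE_TTL)
        return {"nonce": nonce, "user": user, "app": app}

    def finish_login(self, nonce, tag, now=None):
        """Accept only a fresh, unused approval bound to this user and app."""
        now = time.time() if now is None else now
        entry = self.pending.pop(nonce, None)  # pop: each challenge is single-use
        if entry is None or not isinstance(tag, str):
            return False
        user, app, expiry = entry
        if now > expiry:
            return False
        expected = approval_tag(self.device_key, nonce, user, app)
        return hmac.compare_digest(tag.encode(), expected.encode())


def phone_approve(device_key, challenge, fingerprint_ok, tapped_yes):
    """Steps 2-5: the app signs only after the fingerprint check and the tap."""
    if not (fingerprint_ok and tapped_yes):
        return None
    return approval_tag(device_key, challenge["nonce"], challenge["user"], challenge["app"])
```

Because the tag covers the application name, an approval given for one application is rejected if the server's pending request names a different one, and a captured approval cannot be replayed after use or after the time limit.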


I’m Rob

Welcome to Technology and Patterns; my on-again, off-again canvas documenting my insatiable curiosity for how things work. Writing helps me organize my thoughts, opinions, and perspective. I hope some of you find value.
