Three-factor authentication (3FA) is the strongest authentication available since it combines something you know (password), something you have (phone or email), and something you are (biometrics).
In VoiceProtect, we use voice biometrics for the “something you are”. Why? If we rely on a device’s biometrics, such as a phone’s face or fingerprint biometrics (also sometimes known as FaceID or TouchID), what happens if you lose or break your phone? Since the biometrics are tied to that specific device, you would be locked out of your account. This is why phones have a passcode to get around the biometrics, but that also weakens the security of the device.
By using voice, we ensure you can still access your accounts if you lose or break your phone (which as you know happens quite often). It also avoids the need for passcode or backup codes, which create a vulnerability.
Note: fact that you can access from a different phone doesn’t weaken the “something you have”. Today if you break or lose your phone you can get an SMS or email for 2FA on a different phone, and it’s still considered a second factor. But with 3FA, now the hacker won’t be able to view the code since they still need your voice (something you are) to view authentication codes sent.
Let’s walk through why 3FA is a necessity today. The password is the most popular and common security measure used, but it is also the most vulnerable with many shortcomings. First, passwords do not provide a strong enough identity check. Anyone who gets a hold of your password can access your account and take what they need. The security of your account is based solely on the strength of the password, which hackers can easily break today.
For this reason 2FA has been widely accepted and adopted, but these also have critical vulnerabilities. The most common 2FA is where an online service sends a text message (or SMS) with an authentication code. Hackers have learned they can use stolen information about us online to convince a mobile carrier they are us and get a new SIM card issued for our account. This enables them to receive all our text messages with the authentication codes.
Another popular form of 2FA are authenticator apps such as Google and Authy. The problem with these solutions is if your phone gets compromised or stolen, it provides a roadmap and a “key” to access all your accounts. Another problem is these apps rely on backup codes. So your security is only as strong as ensuring a hacker doesn’t gain access to your phone or backup codes.
Some services also rely on sending codes via email. But if your email gets hacked, it also provides a roadmap to all the services you use plus now a hacker gets the access codes.
This is why 3FA is so vital since it provides extra security and friction to secure your accounts. If your phone or email account or SIM card is compromised, you will still be secure. This is because when the hacker gets your text message or email (or opens your phone), they still need your voice (voice recordings will not work) in order to view your authentication codes. It provides an extra layer of protection to secure your accounts. And no passcode code or backup code is necessary.
In today’s crazy world it’s smarter to not just hope “a hack doesn’t happen to me.” Instead take every precaution to protect yourself. But there is downside to 3FA. It will require a few extra seconds to access your accounts. If you are someone that uses an extra lock on the front door of your home and is OK to take extra seconds to lock or unlock it each time, then you already know the importance of that extra friction.
Given so much of our lives are online (data, money, etc), we believe that little extra time to be secure online is well worth it. We hope you do as well.