I have always been known for my smile. It is a unique characteristic that has always distinguished me and occasionally benefited me. For example, in the 70s I was working long hours in a very remote area, and rarely got into town. On one of those infrequent trips, I stopped by a Bank of America to cash three paychecks totaling a thousand dollars. Unfortunately, I had forgotten my wallet and didn’t have any I.D. However, instead of turning me away, the branch manager called my home town branch to see if there was a way of identifying me. After a few minutes, he came back chuckling and said he would be glad to cash my checks. When I asked him what was so funny, he replied, “Your banker asked two questions: Does he have long blond hair and is he smiling?” Back then, that was two-factor authentication.
The process used in authenticating my identity in the real world of the 1970s was radically different from how it’s done in the digital world of today. But the objective, to identify who I am, remains the same. In the real world, my body resides at a specific location that I can identify with my phone’s GPS. On the other hand, in the digital world my identity resides on a vast array of servers known as the cloud. And that’s a problem, says Frank Abagnale, the con man immortalized in the 2002 movie – Catch Me If You Can. “Technology breeds crime. What I did in my youth is hundreds of times easier today.”
It’s not only easier, but also more lucrative and less risky. So, client information is under constant attack by hackers and identity thieves. At first, we dealt with it by protecting our server with various types of hardware and software solutions. But, after talking to experts, we determined that trying to stop the bad guys from getting in was not good enough. According to a 2016 Fortune article featuring Michael Hayden, the former head of the National Security Agency and later the CIA, “Most of the history of what we call cybersecurity has been in… vulnerability reduction.” However, breaches are inevitable and hackers are “…going to get in.” If Marvin Gaye and Tammi Terrell were to describe the problem, they would say, “…there ain’t no firewall smart enough. Ain’t no software patches good enough. Ain’t no password strong enough, to keep hackers from getting to you, babe.” So, the article’s author declares that “authentication – validating identity – becomes key.” In this new paradigm, what matters most is determining who should be granted access to “…what, when, and from where.”
The solution to that question, and a number of others, was a cloud-based delivery system that allows us to securely access client databases, custodial platforms, emails, documents, and other applications in a manner compliant with SEC/FINRA protocols. So, instead of using our own server, we access all our applications and websites through browsers that monitor the identity of people and devices to limit entry to only those who are authorized. Two-factor authentication is an important part of that process.
Today we use codes sent to our phones for authentication, but Niall Cameron, Global Head of Corporate and Institutional Digital at HSBC, says, “Multi-factor biometric identification is the future.” Biometric authentication uses unique facial and other characteristics to identify individuals. However, the Applied Recognition website warns, “As face recognition authentication becomes mainstream… hackers are busy looking for ways to trick the… authentication hardware and software.” They explain that the best way to protect against spoofing (tricking) is by Liveness Detection, in which the individual is asked to do some motion such as winking or smiling. It turns out that our motions, as well as our features, are unique.
We want the best cybersecurity because protecting client data is our first concern. And since all security is vulnerable, authentication is necessary. Currently we use numeric codes, but in the future, we will use biometric characteristics and motions that are difficult to replicate. So, as unlikely as it may seem, the best multi-factor authentication of tomorrow may be what my banker used decades ago – a smile.