A glimpse into the content of this blog:
Oh, remember the days when the word “password” meant that only your friends were allowed in the tree house? Those were simple times. Today, it means stress, risk and — unfortunately still often enough — post-its.
So what if there was a solution that required as little attention from us as a post-it and yet was more secure? Turns out there is, and it’s called out of band authentication (OOBA). Let’s see what out of band authentication means and how it realtes to Almefy.
Why you want to be
“out of band” —
unless you’re a rockstar
What sounds like a career end for musicians is actually solid security practice.
If you just heard you need to be “out of band,” let us explain why that’s actually a good thing. You’ve probably come across out of band authentication (OOBA) together with two-factor or multi-factor authentication (2FA/MFA). But with all those acronyms, it can be hard to keep track.
To clear up any confusion, the very first thing we’d like to emphasize is that OOBA falls into a different category than the others. Therefore, we can skip the question of which method is better.
Putting it simply, out of band authentication (OOBA) is more like a rule. It requires you to use separate channels for signing in and authenticating. Let’s walk through an example. If you log in to your inbox, you’re using your username or email and password. Because passwords alone can’t fulfill the security requirements of today (and because some of us still rely on “12345”), we need an additional layer of safety.
If we just added a second password, that wouldn’t help. Even if we came up with something trickier than “6789,” a hacker who manages to intercept your traffic could catch both phrases in one go. You may already be familiar with 2FA procedures where you’ll receive a separate code on your smartphone.
The problem here is that you’re not following true out of band authentication (OOBA) either, because your smartphone is likely to be in the same WiFi as the laptop you’re using to sign in. They’re still going through the same channel – your WiFi. However, if we decide to verify our login attempt with an SMS code, such as an SMS TAN for your online banking, that goes through your mobile carrier instead of your WiFi, thus increasing your security profile. We’re out of band.
So, no luck for the hacker. Even if he guessed our password, he likely doesn’t own our phone, let alone our fingerprint.
Join the Out of Band Authentication bandwagon and improve your security
As an IT Admin, you’re probably always trying to balance the increasing amount of security concerns and practicality with user experience. Of course, maintaining the security of your team’s login credentials is one of the biggest challenges. Your employees might occasionally forget their passwords or lock themselves out after multiple failed login attempts. And if you need to manage different levels of access across team members with various roles, it can become even more difficult.
With the growing complexity of your IT environment, you may also find yourself relying on more applications, plugins and third-party integrations for additional functionality. Even if you’ve already found the intricate balance of team supervision, security and password management within your infrastructure, this is like pulling the worst card in Monopoly. Go back to start, don’t pass go …
So clearly, you’re keeping a lot of balls in the air, and that doesn’t account for data breach notifications, brute force attacks, software updates or the challenges of running multiple sites.
While OOBA can’t help with all of them, it can contribute to a streamlined two-factor authentication setup. So while you might share passwords (which you shouldn’t), an attacker will have a harder time getting into your system. Once you’ve set up another channel for authentication purposes, you can also use it for other security measures, for instance, to send notifications about a suspiciously high number of login attempts.
If before you had to worry about employees carelessly losing admin credentials to phishing attacks, having a second channel at least makes that scenario less likely. Out of band authentication (OOBA) can even provide a more user-friendly experience than traditional security measures like CAPTCHAs. So not only will your team thank you; you’ll do it yourself.
Boldly go custom with enterprise solutions through OOBA
The good news is that these days, you can map the structures and needs of every company in custom enterprise solutions. The bad news is that these days, you can map … You get the idea. While providing incredible value, custom solutions come with lots of technical challenges.
Maintaining and updating integrations to keep your system running is just one. The more connections you require, the more attack surface you tend to provide for potential attackers. Each integration and add-on has to be rigorously tested and secured, adding to your team’s workload. This applies to both their technical reliability and their impact on your compliance with regulations, such as the GDPR or HIPAA.
A number of these issues can be mitigated by OOBA. Some have to be. Many regulations around banking and privacy mandate strong authentication protocols these days. But OOBA can also streamline authentication across your custom setup while reducing the risk that one plugin or application leaves the door open for phishing attacks. Plus, you can adapt your solution to your team’s preferences and your technical setup without compromising security.
But how is a QR code supposed to be more secure than what you’re already using?
Let’s finally address the elephant in the room. You now know that out of band authentication (OOBA) can include anything from your fingerprint scan to an SMS and, yes, a QR code, which is what we use here at Almefy.
So if you’ve seen them displayed in shop windows, you might be thinking we’re trying to prank you or they’re insecure. That’s certainly not true. As we’ve explained, your system becomes more secure because you’re not using two passwords. Whether you’re using a push notification, a biometric reader, voice authentication or a QR code — a second channel is always better than one.
That said, we don’t stop at OOBA. With Almefy, you can combine identity-based encryption with a PIN code or a biometric login through our app for added security. At the same time, all those horror scenarios of interoperability and breaches go away with the tap of a button, because you can now benefit from single-sign-on authentication. Once you’re logged in to your enterprise solution or website backend, there’s no need to enter passwords for every single add-on and application.
The same goes for enterprise solutions like Salesforce®, Office®, Personio®, Atlassin®, Slack® and Odoo®, and we’re constantly adding new platforms to spread the word.
Ready, set, secure: How to get started with Almefy
To sum up, out of band authentication (OOBA) is the cornerstone of every reliable security strategy. Whether you’re running a website or managing your enterprise solution’s security — the right app will not only streamline your maintenance efforts but boost your safety profile.