Making 2FA More Secure

Uploaded on 2021-04-15 in TECHNOLOGY--Developments, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY--Resilience

Two-factor authentication is not a new technology and many companies use social media apps to verify someone’s identity, but now the possibility integrating it into facial recognition can add an extra layer of security.

Two-factor authentication (often shortened to 2FA) provides a way of 'double checking' that you really are the person you are claiming to be when you're using online services, such as banking, email or social media. It is available on most of the major online services. Essentially, two-factor authentication is the process of confirming one’s identity through two different challenges, using something you already know, have, or contain. 

In two-factor authentication, one test can be to fill in the username and password. The next challenge can be to verify the identity by tapping on a push notification, entering an OTP shared via email, text message, phone call, or other channels.

Now a team from Brigham Young University School of Mathematics (BYU)  has built an algorithm that could possibly bring two-factor authentication to facial recognition technologies in everything from cell phones to surveillance systems with the use of facial motion.

The project started when the group researched facial motion and how it could be analysed. That evolved into seeing if students are paying attention in class and it eventually morphed into improved security for facial recognition with the use of facial motion. They developed a technology called Concurrent Two-Factor Identity Verification. According to Dr. D.J. Lee, it means that “you show your face and make the facial motion just once, you don’t have to do it twice. With the facial motion, if people want to use your photo they cannot fool the system since the photo is not moving.” 

The technology first uses facial recognition and then a secret phrase is mouthed, a movement with one’s lips is made, or a facial motion is made to satisfy the second step of authentication. Even if a video is used, the chances of that video matching the secret facial motion are low.

This video could be used on a computer, cell phone, or any piece of technology with a camera on it. Dr Lee thinks there could be numerous other uses, such as to start the engine, smiling at a camera to gain access to a hotel room, using it to gain access at an ATM, and even using facial motion in disabled people to control a computer.. " We don’t necessarily limit this to unlocking a phone or mobile device. This can be used for many different applications.” he said. The next step is a demonstration of the technology with the hopes of attracting some interest of people looking to help develop the algorithm further. 

NCSC:           LearnG2:            I-HLS:          HeraldExtra:     

You Might Also Read: 

Google Creates Video Tools To Fight Deepfakes:

 

« Cyber Crime In 2021: How Hackers Are Evolving
Trump's Family Get Blocked On Facebook »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

LRQA

LRQA

LRQA is an award-winning global provider of cybersecurity services, bringing innovative thought leadership to the ever-evolving cybersecurity marketplace.

Dispersive Networks

Dispersive Networks

Dispersive Virtual Network is a carrier-grade software-defined programmable network that is inspired by battlefield-proven wireless radio techniques.

Ubiq Security

Ubiq Security

Ubiq has developed a software solution that secures any type of data, on any device, anywhere, with nearly no impact to system performance or user experience.

ReFoMa

ReFoMa

ReFoMa is a consultancy and advisory company with a focus on information Security.

Institute of Informatics and Telematics (IIT)

Institute of Informatics and Telematics (IIT)

IIT carries out activities of research, assessment, technology transfer and training in the field of Information and Communication Technologies and of Computational Sciences.

Scythe

Scythe

SCYTHE is a next generation red team platform for continuous and realistic enterprise risk assessments.

DataFleets

DataFleets

DataFleets is a privacy-preserving data engine that unifies distributed data for rapid access, agile analytics, and automated compliance.

CIBR Warriors

CIBR Warriors

CIBR Warriors are a leading cyber security and networking staffing company that provides workforce solutions with businesses nationwide in the USA.

Telsy

Telsy

Telsy is a security partner for ICT solutions and services. We help you implement effective security solutions that increase your risk mitigation ability and your responsiveness.

Intelligent Technical Solutions (ITS)

Intelligent Technical Solutions (ITS)

We help businesses manage their technology. Intelligent Technical Solutions provide you with the right technical solution, so you can get back to running your business.

Cognna

Cognna

Cognna's innovative platform is designed to empower you and your team, providing the tools you need to detect, prevent, and resolve threats with ease.

IS4IT Kritis

IS4IT Kritis

IS4IT is your partner for the successful planning, introduction and implementation of company-specific information security concepts.

RapidFort

RapidFort

RapidFort’s Software Attack Surface Optimization Platform remediates 95% of software vulnerabilities in minutes without code changes.

Cloud Carib

Cloud Carib

Cloud Carib is the premier provider of managed cloud services in the Caribbean and Latin American regions.

Harmony Intelligence

Harmony Intelligence

Harmony builds cutting-edge defensive AI products that safeguard people and critical infrastructure around the world from AI-powered threats.

Operant AI

Operant AI

Operant AI is the only Runtime AI Application Defense Platform that actively protects every layer of live cloud and AI applications from infra to APIs.