Security
The Internet is a bit like our real world, there are places (social networks) where people meet and exchange ideas, there are department stores (e.g. Siroop) and bank branches (such as PostFinance eFinance) and everyone moves in this digital world practically every day.
However, just as in the real world, restricted access divisions are also important in their digital counterparts. Just as we lock our front door when we are not at home, we also block other users from our private accounts to protect them from curious strangers and, above all, from misuse or theft. The key we use to protect almost everything in the digital space is also the worst one you can choose - a concatenation of at best more than 10 but usually only 6-8 characters - the password. Whoever knows it, guesses it or gets their hands on it has access to the most sensitive divisions of our lives: photos of us and our children, our address and credit card number, our bank account and much more. We have relied on the supposed protection of passwords for a long time, in fact ever since computers and electronic networks have existed, but this protection is an illusion. And the danger is increasing.
Passwords have never really been that secure. However, with countless phishing emails, ever simpler and more easily accessible tools for cracking passwords and a large number of existing "password leaks", the risk of becoming a victim of a hack is increasing. To make matters worse, more and more of our digital identity is stored in the cloud and accounts are often linked to each other. This not only increases the likelihood, but also exacerbates the consequences and effects of such a hack.
Is moving all our data back to private hard disks and deleting our accounts really the only way to protect ourselves effectively? Yes, but it's not a very practical and completely unrealistic resolution. For this reason, well-known portals and cloud operators such as Facebook, Apple or Whatsapp, but also Swisscom, rely on so-called 2-factor authentication (2FA), which uses an additional layer of security.
As the name suggests, 2-factor authentication requires two of a total of three possible factors for a successful login.
The three possible permitted factors are:
This means that not only the password (knowledge) is required for a successful login, but you also have to be in possession of a mobile phone, for example, on which you have to confirm a login attempt or possibly even transmit a one-time PIN sent by SMS to the Web browser. So someone would not only have to know my password, but also steal my mobile phone at the same time. This simple measure increases the protection of our data immensely without losing much convenience.
A few years ago, Swisscom developed Mobile ID for this purpose, which has since become a successful model in Switzerland. Mobile ID was designed as a security feature on SIM cards and is now available from most Swiss telecommunications operators, meaning that the majority of the Swiss population can use secure two-factor authentication by telephone and PIN on online portals such as PostFinance. Strictly speaking, the PostFinance login is even a particularly secure multi-factor authentication. An eBanking customer must not only have their personal login details to hand, but also their personal mobile phone and Mobile ID PIN. This effectively prevents misuse. And because more security unfortunately all too often comes at the expense of convenience, Mobile ID does not rely on one-time passwords that have to be transmitted to the Web browser, but on a six-digit PIN that only the user knows. During the login process, the user is asked on their mobile phone whether they want to log in. After confirming, they enter their six-digit PIN on their mobile phone. The web server, which is connected to the Mobile ID backend, registers the login attempt and valid authentication and authorises the user within a few seconds. The user can then log in to any independent website with the same PIN - including the Swisscom customer portal.
The nationwide and comprehensive introduction of secure authentication options on the web offers optimal conditions for digital business models and digital management. These require unambiguous identification for the necessary legally binding declarations of intent, whereby authentication is only the first but very important step. Digital signatures for legally binding authorisation and digital identity, also known as eID, also come into play here. The latter two topics are currently highly debated in Switzerland and are of enormous importance for the state and society. I would therefore like to dedicate a separate blog entry to these points in the near future.
Senior Product Manager
Find the job or career world that suits you. In which you want to help shape and develop yourself.
What you make of it is what defines us.
