Cognitive Authentication Platform: No April Fools’ Joke Despite Wacky Website
It's true: Calling attention to poor cybersecurity measures, a new authentication step asks users to "sing the chorus from Toto’s Africa at the proper pitch."
Just in time for April Fools’ Day, Portland, Ore.-based Acceptto, a startup focused on cognitive authentication, launched what it termed the world’s most ridiculous password manager solution/website and accompanying interactive game.
Acceptto wants to call attention to what it described as a flaw in today’s cybersecurity industry: passwords are useless. Its position, and that of many other cybersecurity professionals, is that passwords have long proven to be the weakest form of identity access protection, yet folks continue to use them to protect their online banking and credit card accounts.
The Oregon firm claims the next stage in login verification is cognitive authentication, a mixture of artificial intelligence and machine learning, expert systems and behavioral modeling that ensures an individual is who they say they are when requesting a login.
“The cost of attacking passwords is decreasing due to a combination of factors, including the surge of data breaches across different industries, the cloud being the new perimeter (no-perimeter), and lowering the cost of attacking a password by brute force,” Acceptto CEO Shahrokh Shahidzadeh said. “It’s true that multifactor authentication raises the bar for low-effort cyberattackers, but this is at the cost of bad user experiences for people who are just looking to secure their financial data.”
Shahidzadeh explained that financial institutions need to recognize that forcing users to go through friction to access their accounts is a barrier to security adoption. “If security measures do not provide a good user experience, they are instead empowering cybercriminals.”
The CEO suggested the significant security, privacy and usability shortcomings of current identity management systems require a paradigm shift away from usernames, passwords and high-friction authentication solutions, and a transition to a new generation of behavioral modeling for authentication in place of traditional binary authentication, including two-factor/multifactor authentication, to get access.
“Artificial intelligence paired with machine can be used to make secure access for good users frictionless by learning the digital behavior of users within the context of account access, and most importantly post the authorization, where all the evil starts,” Shahidzadeh maintained. “By taking a holistic approach to how a user typically engages online, AIML can help financial institutions determine if a bad actor is trying to gain unauthorized access to accounts continuously.”
Acceptto’s eGuardian engine leverages a mixture of AI and ML, expert systems and small and medium-sized enterprises to classify, detect, and model behavior, and assign real-time risk scores to continuously validate identities prior to, during and post-authentication. It continuously creates and monitors behavior profiles based on user interaction.
In addition, Acceptto claimed multi-step authentication methods promise a better experience, but instead create unnecessary and annoying extra clicks for the end user. To prove its point, the cognitive authentication startup created an interactive game on its website to demonstrate the amount of verification that password management solutions must complete to access accounts.
Here are the wacky steps:
- Visit https://www.11factor.com/
- Go through the 11-factor authentication process to gain access to your “account.”
- “Let’s start simple. What is your username and master password?” (Click “debug” button to bypass sign-in).
- “Prove you’re not a conspiracy theorist by clicking on all the moon landing photos that are fake.”
- “This is painful. How much student debt did you graduate with?”
- “Not so fast. Is it currently raining outside?”
- “Select the square that contains the identity thief (he goes by Wally).”
- “Think you’re smart? What color is this dress?” (Yes, the choices are white and gold, or blue and black).
- “Prove that you’re a human via retinal scan.”
- “Do you hear ‘Laurel’ or ‘Yanni’?”
- “Only a robot wouldn’t laugh at this video. Laugh at this video to prove you’re human.” (Hard to describe, a cat-raccoon hybrid?).
- “Solve this puzzle to prove you have an I.Q. at all.”
- “Enter in the code texted to your phone number.”
- “Sing the chorus from Toto’s Africa at the proper pitch. Yep, out loud.”