Symbol-to-accept strengthens multi-factor authentication

One of the more popular ways of securing logins in recent times has been the use of push-to-accept technology, sending a verification message to a user's mobile device.

However, this runs the risk of users inadvertently approving login requests that they didn't initiate. Adaptive access company SecureAuth is launching its new Symbol-to-accept technology to boost security without sacrificing convenience.

The way it works is that a push message is still sent to the user's mobile, but using Symbol-to-accept, the user is presented with several 'accept' buttons displaying single, randomly-selected symbols. To successfully log in, the user selects the symbol that matches one displayed on their computer's login screen. This choice dramatically reduces the likelihood that the user will approve an unsolicited login request because they won't know which button to choose if they're not currently trying to log in.

This method avoids the 'conditioned response' that can lead to users pressing accept without thinking simply to clear a message from their notification screen.

"Push-to-accept is arguably one of the most convenient forms of multi-factor authentication," says Keith Graham, CTO at SecureAuth. "Unfortunately, while traditional Push-to-accept authentication provides a great user experience, it is prone to exploit by attackers, who may bombard the user with Push-to-accept requests -- to the point where the user will eventually hit 'accept' to make the requests go away. And for cybercriminals, it's a numbers game -- bombard as many users with requests as necessary until the desired outcome is achieved".

You can find out more about Symbol-to-accept on the SecureAuth blog.