Take for example the attack on the US Office of Personnel Management (OPM) –arguably one of the largest cyber attacks ever. Affecting 22 million people, including millions of federal employees with security clearances, this hack put a spotlight on the need to protect personal information like name and address, even fingerprints—not just credit card numbers.
According to the New York Times, OPM did not have two-factor authentication, which left the agency fairly indefensible against a high tech security breach.
Because cyber attacks are on the rise, some people may be skeptical about
Authentication isn’t a one-size-fits-all solution. There are several different options based on customer and industry needs, including:
With this method, the signer clicks on a link in an email to be authenticated. This approach is typically best for in low-risk transactions. However, it can be paired with another form of authentication to further mitigate risks.
With shared questions, the signer is asked to answer more personal questions chosen by the sender, such as the last four digits of an account number or the signer’s mother’s maiden name. The answers to such questions are usually not found in your wallet, which can be stolen.
One of our most popular and user friendly options is text message. With this method, the signer receives a text message on their cell with a random, one-time password to enter before signing.
For industries looking to fulfill certain compliance regulations, this is a great option. Signers are prompted to supply their social security number and date of birth. If the SSN is valid and matches with the DOB, the user is verified. This can also be used in conjunction with shared questions to add extra protection
This is the highest level of authentication, so it’s one of the best solutions for highly sensitive documents where you need to be absolutely certain the correct person is signing it.
With KBA authentication, the signer will have to identify their social security number or date of birth. Once that is verified, the signer will have to answer four multiple choice questions based on 30 years of public records information. An example could be “where did you buy property in 1997?” Once the signer provides the correct answers to all four questions, he is authenticated.
While these options can stand alone, you can further mitigate risk by opting for multi-step authentication, or using a combination of two or more authentication measures. Just like two locks on your door are better than one, two-factor authentication is better than one method. Don’t make the same mistake as OPM and fail to properly protect your sensitive information.