Facebook Icon Facebook Icon Twitter Icon Twitter Icon Linkedin Icon Linkedin Icon Blog Icon Blog Icon Checkmark Icon Checkmark Icon Small Checkmark Icon Small Checkmark Icon Small Checkmark Icon Small Checkmark Icon Clock Icon Clock Icon Cloud Icon Cloud Icon Cloud Upload Icon Cloud Upload Icon Compass Icon Compass Icon Medium count 1 Icon Medium count 1 Icon Medium count 2 Icon Medium count 2 Icon Medium count 3 Icon Medium count 3 Icon Medium count 4 Icon Medium count 4 Icon Medium count 5 Icon Medium count 5 Icon Medium count 6 Icon Medium count 6 Icon Medium count 7 Icon Medium count 7 Icon Medium count 8 Icon Medium count 8 Icon Medium count 9 Icon Medium count 9 Icon Medium count 10 Icon Medium count 10 Icon Medium count 11 Icon Medium count 11 Icon Medium count 12 Icon Medium count 12 Icon Medium count 13 Icon Medium count 13 Icon Medium count 14 Icon Medium count 14 Icon Medium count 15 Icon Medium count 15 Icon Device with a checkmark Icon Device with a checkmark Icon Device Icon Device Icon Documentation Icon Documentation Icon Dollar Sign Icon Dollar Sign Icon Extend Icon Extend Icon Eye Icon Eye Icon Gear Icon Gear Icon Globe Icon Globe Icon Graph Icon Graph Icon Guidelines Icon Guidelines Icon Laptop Icon Laptop Icon Layers with checkmark Icon Layers with checkmark Icon Key Icon Key Icon Lock Icon Lock Icon Paper Airplane Icon Paper Airplane Icon Pencil Icon Pencil Icon Phone Icon Phone Icon Reliability Icon Reliability Icon Reset Icon Reset Icon Shield with Checkmark Icon Shield with Checkmark Icon Timer Icon Timer Icon Tools Icon Tools Icon Tutorial Icon Tutorial Icon Upload Icon Upload Icon User with Checkmark Icon User with Checkmark Icon User Icon User Icon Wallet Icon Wallet Icon Case Study Icon Case Study Icon Video Icon Video Icon Webinar Icon Webinar Icon White Paper Icon White Paper Icon

MORE AUTHY INNOVATION: ONETOUCH NOW ON DESKTOP

2016-11-29_1507The Future Of Authentication

Most authentication across the web is reliant on a username and password pair, a security strategy that’s decades old and out of date. Two-factor authentication (2FA) has helped increase security, but most often it’s implemented by sending security codes via an ever increasingly insecure SMS platform. More and more we see these traditional methods prone to attack and, in response, the industry has been creating better, more modern solutions. Authy’s OneTouch is one such example; it uses push technology to secure the link between your user and your application, in real time, as they are logging in.

Although push technology is nothing new, it’s just beginning to see common use in the authentication space, with the technology industry deploying OneTouch-type approaches in several business and consumer applications, including:

So What’s New For OneTouch?

Authy OneTouch is ideal for mobile users. And while it’s increasingly becoming a mobile world, we are well aware that many users still log into accounts from a desktop or laptop, especially in the workplace. Back in 2013, we developed an Authy for Chrome extension, to allow these users to access 2FA tokens directly from a computer screen without going through the hassle of copying them over from mobile devices.

Until now, OneTouch has primarily been available to iOS and Android users in the free Authy app or embedded directly into existing mobile apps using our SDK. So as of today, we’re adding the convenience of Authy OneTouch to our Authy for Chrome browser application.

onetouchchrome-large-5For developers, this means you can deliver notifications directly on your user’s desktops (similar to Facebook and LinkedIn notifications) that will alert you to a pending authentication or authorization request. Clicking on the notification will launch Authy for Chrome and allow you respond directly from the desktop or laptop. Quicker and more convenient for users, and a whole lot easier for developers.

No Longer Just For 2FA

OneTouch, and other services like it, are typically used for the initial login, where the first factor of authentication (a user entering a username and password) combines with a second factor (push notification to a mobile device). However, with OneTouch, you can now consider removing the password altogether. Yahoo Account Key does exactly this. Once you’ve registered your device (typically a smartphone) you no longer need a password to access your account.

Some of our customers even go beyond the login and implement this new authentication method to secure in application high-value events or risky data changes, such as transferring funds or deleting user accounts.

Today, the traditional method for approving such activities is to communicate by email. For example, in business, a project team may create a purchase order online, and the system shoots out an email to the CFO asking him/her to approve. The CFO will open the email, click on a link, and log in to the application. Once past the standard authentication steps, they must then navigate to the purchase order in question and approve or deny it.

That’s a lot of work, and all those steps (not to mention crowded inboxes) can cause long delays and jeopardize project deliverables. Instead, OneTouch takes this process and reigns it in by sending a quick notification to the decision maker’s phone. Open the app, read the request, review and approve.

The Future Of Chrome Apps

You may be asking yourself, “But isn’t Google getting rid of Chrome apps?” The answer is ‘yes.’ And so in 2017 we will also migrate our desktop functionality away from Chrome to a dedicated, cross-platform desktop version. We are still evaluating the best possible way to do this, but once we have settled on the technology of choice, you’ll see a new Authy for Desktops.

Implement Better Authentication

Try Authy OneTouch. Just a few lines of code and a few minutes of your time make it worth investigating. And because it’s now available on the Authy for Chrome extension, it’s even more convenient than ever.  Get started now.

About the author Simon Thorpe

Simon works in the product group at Authy and has over 15 years of experience in the security and identity management space. Working at companies like Oracle, Microsoft and Okta, he has spent a lot of time understanding and architecting solutions to secure all sorts of information. At Authy he works closely with the whole team to deliver a world class solution for developers to build security into their applications.