Frequently Asked Questions
- What is multifactor authentication?
- What is two-factor authentication?
- What is CAPTCHA and why would I need to use one on my website?
- What’s the difference between Confident CAPTCHA and Confident ImageShield? Which one do I need?
- How is Confident CAPTCHA different from other CAPTCHA methods?
- Why is an image-based solution better?
- What are some examples of when a company would use Confident ImageShield?
- How do Confident Technologies solutions help my organization achieve regulatory compliance, and with which regulations?
- What is strong authentication, or multi-factor authentication?
- How do Confident Technologies’ solutions work with my existing security solutions?
- What is MyVidoop?
- How does Out-of-Band Verification work? Do users need to install anything on their phones?
- Can I OEM Confident Technologies’ authentication solutions into my own security offerings?
What is multifactor authentication?
There are three types of factors used to authenticate people online:
- Something the user knows (such as a password, an answer to a secret question or a PIN)
- Something the user has (such as a smartcard, a hardware token or a mobile phone)
- Something the user is. This usually refers to biometric information such as a fingerprint, retina scan, or the use of voice recognition software.
Multifactor Authentication is the use of two or more different factors in order to authenticate a person. For example, a business may authenticate employees by requiring the employees to use a password (something the user knows) and a one-time authentication code generated on a hardware token that they carry with them (something the user has).
Some websites authenticate users by requiring a password (something the user knows) and a one-time authentication code that is sent as an SMS text message to the user's mobile phone (something the user has).
The challenge for websites with a large user base is that people generally do not want to carry additional items like hardware tokens or smart cards, and they are typically reluctant to give biometric information to websites they visit. This is why many more websites are starting to rely on the user's mobile phone as the second factor. Confident Multifactor Authentication™ does this by sending an image-based authentication challenge to the user's mobile phone. The user must correctly identify which pictures match their secret authentication categories (something the user knows) by selecting the appropriate pictures on their mobile phone's display (something the user has).
What is two-factor authentication?
There are three types of factors used to authenticate people online:
- Something the user knows (such as a password, an answer to a secret question or a PIN)
- Something the user has (such as a smartcard, a hardware token or a mobile phone)
- Something the user is. This usually refers to biometric information such as a fingerprint, retina scan, or the use of voice recognition software.
Two-Factor Authentication is the use of any two of the factors listed above in order to authenticate a person. For example, a business may authenticate employees by requiring the employees to use a password (something the user knows) and a one-time authentication code generated on a hardware token that they carry with them (something the user has).
Some websites authenticate users by requiring a password (something the user knows) and a one-time authentication code that is sent as an SMS text message to the user's mobile phone (something the user has).
The challenge for websites with a large user base is that people generally do not want to carry additional items like hardware tokens or smart cards, and they are typically reluctant to give biometric information to websites they visit. This is why many more websites are starting to rely on the user's mobile phone as the second factor. Confident Multifactor Authentication™ does this by sending an image-based authentication challenge to the user's mobile phone. The user must correctly identify which pictures match their secret authentication categories (something the user knows) by selecting the appropriate pictures on their mobile phone's display (something the user has).
What is CAPTCHA and why would I need to use one on my website?
CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. A CAPTCHA is a challenge test used on websites to verify that the transaction taking place, or the comment being posted, is in fact being performed by a human and not generated by a computer.
Automated networks of computers – called bots – are used to post spam and malicious links to websites, register fraudulent email accounts that are then used to send spam, corrupt online purchasing processes, defraud online customers, steal identities, and much more. According to some sources, bots account for 95 percent of all spam, and up to 20 percent of advertising click-throughs on websites. As bots corrupt online processes and drown out real human interaction on your website, they drive down the number of visitors and diminish your ability to earn revenue on the website.
CAPTCHAs are used to block bots and prevent:
- Comment spam
- Registration spam
- Contact form spam
- Scrapers from stealing email addresses
- Dictionary password search attacks
- Servers getting bogged down by spam and malicious scripts
- Search engine bots from accessing private data on web pages
- Corruption of online polls and contests
Blogs and social networking sites need CAPTCHAs to verify that a human is posting a comment or sharing a link, rather than a bot spreading spam or links to phishing sites. Web-based email accounts like Yahoo or Google use CAPTCHAs to verify that a human is signing up for the new account, not a bot wanting to use that account to send spam email. Online auction sites need CAPTCHAs to ensure that individuals are doing the bidding, not bots trying to drive up the prices.
What’s the difference between Confident CAPTCHA and Confident ImageShield? Which one do I need?
Confident CAPTCHA is used for verification – to tell the difference between a human and a bot during an online transaction. It is beneficial for social networking sites and blogs that want to prevent bots from posting spam comments, for e-commerce sites that need to prevent bots from making fraudulent transactions, or for any type of website that wants to prevent bots from registering accounts, spamming contact forms, biasing online polls and contests, or initiating other types of transactions.
Confident ImageShield is used for authentication – to confirm that a person logging in to a secure site is who they say they are. It provides a more advanced layer of security. For example, an online banking website or a healthcare website that gives patients access to their electronic medical records needs strong authentication measures to protect its users’ confidential information. Confident ImageShield serves as an additional security layer and a form of strong authentication. Take the example of an online banking site: when the customer first registers on the site, they select three categories of images. They will use those same three categories each time they log in, rather than entering an alphanumeric password. Confident ImageShield authenticates the user – because only that individual knows their secret image categories – and it creates a unique, one-time access code, which is more secure than alphanumeric passwords.
How is Confident CAPTCHA different from other CAPTCHA methods?
As bots have become better at breaking CAPTCHAs, the creators of those CAPTCHAs have made them more and more difficult to break. Unfortunately, this has also made them difficult for people to decipher. Almost every Internet user has had the experience of being asked to solve a text-based CAPTCHA depicting a warped and hard-to-read word, only to fail repeatedly at entering the correct letters. This not only causes user frustration and creates a bad customer experience, but often leads the user to abandon the website transaction completely. For an online business, this means lost sales revenue or, if the customer seeks a more expensive channel to complete the transaction, such as over the phone or in person, it can mean higher operating costs. For social networking sites or blogs, it means that users are not leaving comments or otherwise interacting on the site.
Only Confident CAPTCHA provides an image-based CAPTCHA solution that is both easy for the user and more secure against bots. By asking the website visitor simply to recognize and click on specific, clearly displayed photographs, Confident CAPTCHA eliminates the strain and frustration commonly experienced by website visitors. Yet, because the specific images and their locations change each time, and because computer vision is not advanced enough to recognize the images that need to be selected, Confident CAPTCHA is tougher on bots than traditional text-based CAPTCHAs.
Why is an image-based solution better?
For verification (CAPTCHAs)
When it comes to CAPTCHAs, our image-based solution is more user-friendly. It’s simply much easier to identify and click on a clear photograph than it is to decipher an illegible and obfuscated piece of text. It’s also more difficult for bots to break because the images and their locations change every time, and because computer vision is not advanced enough to recognize the correct images.
For authentication and logins
Likewise, when it comes to authentication, our image-based solution is easier on the user and more secure than many traditional authentication solutions. The most commonly used method of authentication on websites today is the username and password combination. It’s also the least secure method. Strong passwords contain many letters, numbers and symbols and are changed frequently – but they’re difficult for people to remember. Weak passwords are easier to remember, but they are also easily compromised by hackers. People often end up writing their passwords on paper or using the same password for every website – negating the security component completely. An image-based solution is easier on the user because the human brain has a much easier time recognizing images than remembering arbitrary strings of letters and numbers. The individual simply has to remember the categories that they will use each time they log on – such as clocks, cars and musical instruments. At the same time, ImageShield makes the authentication process more secure than alphanumeric passwords because it creates a unique, one-time access code during each login.
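The category-based login described here (and the one-time access code mentioned in the answer on the difference between Confident CAPTCHA and ImageShield), as an added Python example; this is not Confident Technologies' code. The server builds a shuffled grid with one picture from each of the user's three secret categories plus decoys, places a fresh character under every tile, and accepts the resulting code only once. The image pool, the category labels and the `answer_as_user` helper that stands in for a human recognising the pictures are constructed for the example.

```python
import hmac
import random
from dataclasses import dataclass

# Constructed image pool for this example: image id -> category. Only the
# server knows the labels; the client only ever sees image ids and tiles.
IMAGE_POOL = {
    "img01": "clocks", "img02": "clocks", "img03": "cars", "img04": "cars",
    "img05": "instruments", "img06": "instruments", "img07": "boats",
    "img08": "flowers", "img09": "dogs", "img10": "chairs", "img11": "trees",
    "img12": "shoes",
}
CODE_ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # no 0/O or 1/I look-alikes

@dataclass
class Challenge:
    grid: list        # [(image_id, code_char)] in display order, sent to the client
    expected: str     # this login's one-time access code; stays server side
    used: bool = False

def build_challenge(secret_categories, rng=random.SystemRandom(), grid_size=9):
    """One picture from each secret category plus decoys, reshuffled every login."""
    by_cat = {}
    for img, cat in IMAGE_POOL.items():
        by_cat.setdefault(cat, []).append(img)
    tiles = [rng.choice(by_cat[c]) for c in secret_categories]
    decoys = [i for i, c in IMAGE_POOL.items() if c not in secret_categories]
    tiles += rng.sample(decoys, grid_size - len(tiles))
    rng.shuffle(tiles)
    # A fresh, unique character under every tile: the characters under the
    # secret-category tiles, in enrolment order, form this login's code.
    grid = list(zip(tiles, rng.sample(CODE_ALPHABET, grid_size)))
    char_of = dict(grid)
    expected = "".join(char_of[next(i for i in tiles if IMAGE_POOL[i] == c)]
                       for c in secret_categories)
    return Challenge(grid=grid, expected=expected)

def verify(challenge, submitted_code):
    """Accept a code once only; constant-time compare avoids a timing oracle."""
    if challenge.used:
        return False
    challenge.used = True
    return hmac.compare_digest(challenge.expected, submitted_code)

def answer_as_user(challenge, categories):
    """Stand-in for a human who recognises the pictures and clicks them in enrolment order."""
    return "".join(next(ch for img, ch in challenge.grid if IMAGE_POOL[img] == c)
                   for c in categories)
```

Because the characters are redrawn per challenge, a code captured from one login is useless for the next, which is the property the text contrasts with a static alphanumeric password.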
What are some examples of when a company would use Confident ImageShield?
Replacing alphanumeric passwords or challenge questions
An online banking website might choose to have customers log on with a combination of a username plus Confident ImageShield, rather than a traditional username and alphanumeric password, due to the security weaknesses associated with passwords. Or, they might choose to use Confident ImageShield as the second layer of authentication after a customer fails their first login attempt. Today many websites ask a challenge question like “What is your mother’s maiden name?” for the second layer of authentication, but these types of questions are not secure because most of the time the answer can be discovered online or in public documents. Any secure website that handles confidential information (such as a banking website, a healthcare site that allows patients to access electronic medical records, personal financial management sites, sites that handle monetary transactions, like PayPal, etc.) can benefit from using Confident ImageShield either as a stand-alone authentication solution or as a layered approach in combination with other security solutions.
Eliminating tokens and key fobs
The cost of implementing tokens, key fobs or smart cards for multi-factor authentication is simply prohibitive for many organizations. Confident ImageShield, as well as Out-of-Band Verification from Confident Technologies, can serve as an alternative form of strong, multi-factor authentication. Because Confident ImageShield is a cloud-based technology, there are no expensive implementation or hardware costs. And because Confident Out-of-Band Verification utilizes the mobile phone that your customer or employee already uses, there are no expenses related to distributing tokens or smart cards. Confident ImageShield can serve as a stand-alone security solution, or be deployed anywhere within your authentication process, layered with your existing authentication technologies.
How do Confident Technologies solutions help my organization achieve regulatory compliance, and with which regulations?
Confident Technologies’ authentication solutions help your organization demonstrate that it is using strong authentication methods to protect individuals’ private data. This can help your organization demonstrate compliance with FFIEC (Federal Financial Institutions Examination Council) regulations, Payment Card Industry (PCI) regulations, HIPAA (Health Insurance Portability and Accountability Act), the Gramm-Leach-Bliley Act (GLBA) or other regulations pertaining to protecting private data.
What is strong authentication, or multi-factor authentication?
Authentication is the process of verifying the identity of a person. There are three main ways to authenticate a person:
- Authentication by knowledge (something only the user knows) – such as a password, PIN or answer to a secret question
- Authentication by ownership (something the user has in their possession) – such as a token that generates a one-time password, a smart card, or a mobile phone that can receive a text message or voicemail with a one-time passcode.
- Authentication by characteristic (something only the user is or does) – such as biometric authentication using fingerprints, iris scans or voice recognition.
Strong authentication, or multi-factor authentication, is the process of using any combination of two or more of the above-mentioned means of authentication. By combining different authentication methods, an organization achieves a higher level of security. For example, one method might become compromised – let’s say the individual’s online password has been stolen by hackers who are trying to log in to that person’s banking website. If the bank has implemented strong authentication and security policies and solutions, it could recognize that the login is being attempted from a suspicious IP address. It could then require a second form of authentication through a separate channel – such as sending a one-time passcode to the customer’s registered mobile phone – before allowing the login. Although the hackers have the customer’s online password, it is very unlikely that they would also have possession of the customer’s phone to receive the required one-time passcode. The hackers would be denied access to the customer’s online bank account.
As more and more business is conducted online today – from online banking and bill paying to accessing electronic medical records and health insurance claims – individuals’ confidential data is at a higher risk of being accessed by hackers and cybercriminals. Organizations in the financial services and healthcare industries are required by law to implement strong protections to secure that confidential data.
How do Confident Technologies’ solutions work with my existing security solutions?
Our authentication solutions have been designed to be easily deployed within any part of the authentication process. The software-as-a-service (SaaS) solutions are easily deployed and can be layered with other security and identity management solutions for an additional, unique layer of authentication.
Our solutions can also be deployed as a virtual appliance in a data center, or they can be integrated as an OEM or white-label solution within other security services that vendors offer.
What is MyVidoop?
MyVidoop is a free service for consumers that is powered by Confident Technologies. It is a secure, cloud-based password manager that leverages Confident Technologies’ ImageShield technology. When consumers sign up for MyVidoop, they select three categories of images that will be used for authentication. They then store all their usernames and passwords with the secure MyVidoop site. After setting up their MyVidoop account, users can relax when online. They can do their online banking, pay bills, shop online, etc. – without needing to remember numerous logins and passwords for each site. With one click, MyVidoop manages all their login identities, automatically fills in the proper login information for that site or auto-completes forms. Learn more and sign up at http://myvidoop.com.
How does Out-of-Band Verification work? Do users need to install anything on their phones?
When a customer first registers on a secure site, such as an online banking site, they need to provide their phone number as part of the account setup process. From then on, when the user is logging in to the website and out-of-band verification is needed, they will receive a confirmation call on their phone. They simply answer the phone and press the number or PIN given to them on the call. There is no software to install or set up on the individual consumer’s side.
The out-of-band verification can be sent as a text message or SMS to a mobile phone, or as a voice message to a mobile or landline phone.
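The step-up flow from the strong-authentication answer above (correct password from a suspicious address triggers a one-time passcode to the registered phone) together with the out-of-band delivery just described, as an added Python example that is not Confident Technologies' code. The `Account` record, the SMS/voice delivery stub and the use of SHA-256 in place of a real password KDF are assumptions made for the example; the expiry and attempt limits are the checks a practitioner would expect around any delivered passcode.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field

CODE_TTL_SECONDS = 300   # a one-time passcode is only useful for a few minutes
MAX_ATTEMPTS = 3         # guessing budget per issued passcode
@dataclass
class Account:
    password_hash: str      # constructed: sha256 stands in for a real password KDF
    phone: str              # registered during account setup
    known_ips: set          # addresses this customer has logged in from before
    pending: dict = field(default_factory=dict)   # at most one in-flight passcode
def digest(text): return hashlib.sha256(text.encode()).hexdigest()

def send_out_of_band(phone, code, channel, outbox):
    """Constructed delivery stub standing in for an SMS gateway or voice-call service."""
    outbox.append((channel, phone, code))   # the code never goes back in the HTTP response

def login(acct, password, source_ip, channel, outbox, now=None):
    """First step. Returns 'ok', 'denied', or 'oob_required' (passcode sent to the phone)."""
    now = now or time.time()
    if not hmac.compare_digest(acct.password_hash, digest(password)):
        return "denied"
    if source_ip in acct.known_ips:
        return "ok"
    # Unfamiliar address: step up through a channel a password thief does not hold.
    code = f"{secrets.randbelow(10**6):06d}"
    acct.pending = {"hash": digest(code), "expires": now + CODE_TTL_SECONDS, "tries": 0}
    send_out_of_band(acct.phone, code, channel, outbox)
    return "oob_required"

def confirm(acct, submitted_code, source_ip, now=None):
    """Second step: the right passcode, before expiry, within the attempt budget."""
    now = now or time.time()
    p = acct.pending
    if not p or now > p["expires"]:
        acct.pending = {}
        return "denied"
    p["tries"] += 1
    if p["tries"] > MAX_ATTEMPTS:
        acct.pending = {}
        return "denied"
    if hmac.compare_digest(p["hash"], digest(submitted_code)):
        acct.pending = {}
        acct.known_ips.add(source_ip)   # remember the address after a successful step-up
        return "ok"
    return "denied"
```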
Can I OEM Confident Technologies’ authentication solutions into my own security offerings?
All of our technologies have been developed to support a layered approach to security and can be easily deployed within a customer website or a technology partner’s existing security solutions. We’re happy to discuss OEM or white-label opportunities with technology partners. Please contact us at 858-345-5692 or Partners@confidenttechnologies.com.
