In today’s digital landscape, robust security measures are paramount to safeguarding sensitive data and preventing unauthorized access. At iSteer, we are committed to providing the highest level of security for our clients’ accounts. That’s why we employ Multi-Factor Authentication (MFA), a powerful method that requires users to provide two or more independent factors to verify their identity.
What is Multi-Factor Authentication (MFA)?
MFA is a security approach that adds verification steps beyond a username and password. Because an attacker who has stolen a password must still defeat a second, independent check, MFA sharply reduces the chance that a compromised password alone leads to account takeover. The factors should come from different categories (something you know, something you have, something you are) so that a single breach does not expose both of them at once.
Our Multi-Layered Approach to Authentication
CBI, PSB utilizes an MFA system that combines three modules (CAPTCHA is a bot-mitigation control rather than an identity factor, but it protects the same login and transaction flows, so it is described alongside the two factors):
- Security Question and Answer (SQA)
- CAPTCHA
- One-Time Password (OTP)
Let’s delve deeper into each of these modules:
- Security Question and Answer (SQA): Your Personalized Security Key
SQA adds a verification step that asks the user to answer a security question chosen from a predefined list or written by the user. It is a knowledge factor, the same category as a password, so its strength depends entirely on how hard the answer is to guess or look up; it is best suited to account recovery and step-up checks rather than serving as the only addition to a password.
How SQA Works:
- Account Creation: During the initial setup, users either choose a question from a predefined list or create their own. They then provide an answer that only they should know. The answer must be stored the way a password is stored (normalised, salted and run through a slow hash), never in clear text, so that a database leak does not expose it.
- Account Recovery/Verification: When recovering an account or during suspicious activity, the system prompts the user to answer their security question. If the answer matches the stored one, the check passes. Failed attempts must be counted and rate-limited, because answers are typically short and drawn from a small space.
Types of Security Questions:
- User-Defined Questions: Created by the user (e.g., “What is the name of my favorite teacher?”). These are preferable when the answer is not something that appears on social media or in public records.
- System-Defined Questions: Predefined by the system for ease of use (e.g., “What is your mother’s maiden name?”). Answers to questions like this are often discoverable or reused across many sites, so the predefined list should avoid facts that can be looked up.
Why SQA Matters:
Security questions give the system a secondary knowledge check for recovery flows and suspicious-activity prompts. They raise the bar for an attacker who holds only a password, but because they belong to the same category of factor as the password, NIST SP 800-63B does not count them as an authenticator; the OTP described below is what supplies the independent second factor.
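As an added example (illustrative Python, not iSteer's code; the dict standing in for a user record and the PBKDF2 iteration count are assumptions), the following shows how the answer collected at account creation should be stored and how the recovery step should check it: the answer is normalised so that differences in case and spacing do not lock the user out, salted, run through a slow hash, and compared in constant time, so the stored record cannot be reversed to recover the answer.

```python
import hashlib
import hmac
import os
import unicodedata

# Added illustrative example, not iSteer's code. The dict below stands in for a
# user-table row and the PBKDF2 iteration count is an assumed value (OWASP's
# 2023 recommendation for PBKDF2-HMAC-SHA256); pick parameters for your stack.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def normalize_answer(answer: str) -> str:
    """Canonicalise the answer so 'Mrs.  Smith ' and 'mrs. smith' compare equal.
    Normalisation happens before hashing, so the stored hash covers the canonical form."""
    text = unicodedata.normalize("NFKC", answer)
    return " ".join(text.casefold().split())


def _derive(answer: str, salt: bytes) -> bytes:
    # Slow hash: answers are short, so an offline guess must be made expensive.
    return hashlib.pbkdf2_hmac(
        "sha256", normalize_answer(answer).encode("utf-8"), salt, PBKDF2_ITERATIONS, dklen=32
    )


def enroll_answer(question: str, answer: str) -> dict:
    """Account-creation step: store the question with a salted slow hash, never the answer."""
    salt = os.urandom(SALT_BYTES)
    return {"question": question, "salt": salt.hex(), "hash": _derive(answer, salt).hex()}


def verify_answer(record: dict, candidate: str) -> bool:
    """Recovery step: recompute with the stored salt and compare in constant time."""
    expected = bytes.fromhex(record["hash"])
    actual = _derive(candidate, bytes.fromhex(record["salt"]))
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    record = enroll_answer("What is the name of my favorite teacher?", "Mrs. Smith")
    print(record)                                    # question, salt and hash only
    print(verify_answer(record, "  mrs. SMITH "))   # True
    print(verify_answer(record, "Mr. Jones"))       # False
```

The failed-attempt counter mentioned above belongs next to this record; the slow hash limits offline guessing against a leaked table, while the counter limits online guessing against the live form.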
- CAPTCHA: Differentiating Humans from Bots
CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) distinguishes human users from automated scripts. By presenting a challenge that is easy for people and costly for software, it raises the cost of automated abuse of the login and registration forms: credential stuffing, OTP-request flooding and bulk creation of fake accounts. It says nothing about who the user is, which is why it is a bot-mitigation control rather than an identity factor.
Types of CAPTCHA:
While various CAPTCHA types exist (numeric, uppercase letters only, lowercase letters only, simple math problems), iSteer utilizes Alphanumeric CAPTCHA.
Alphanumeric CAPTCHA in Our System:
This type draws each character from digits and letters, which:
- Increases the keyspace: a six-character alphanumeric code has 36^6 (about 2.2 billion) possible values against 10^6 for digits alone, so blind guessing is hopeless.
- Shifts the attacker from guessing to solving: modern OCR and human solving services break undistorted text, so the image must be distorted and noised, and each challenge must expire quickly and be accepted only once.
Base64 Encoding of the CAPTCHA Image:
Our CAPTCHA images are Base64-encoded and embedded directly in the page as a data URI, which saves a separate image request and means no CAPTCHA file is served from a guessable URL. Base64 is an encoding, not encryption: anyone who can load the page can decode the image, so the security of the challenge rests on the server never sending the expected text to the client. The solution is held server-side, keyed to an opaque challenge token bound to the session, and is discarded after one use or after a short expiry.
- One-Time Password (OTP): Time-Sensitive Security
OTPs are temporary codes generated from a cryptographically secure random source and sent to the user’s registered mobile phone via SMS. Each code is valid for a short period and for a single use, giving each login or transaction a fresh secret that a stolen password does not reveal. SMS delivery is the weakest link: codes can be intercepted through SIM swapping or call-forwarding attacks, which is why NIST SP 800-63B classes OTP delivered over the public telephone network as a restricted authenticator, and why the code must expire quickly and be accepted only once.
OTP Implementation at CBI, PSB:
- OTP Generation: Our system generates a numeric or alphanumeric OTP. The code must come from a cryptographically secure random generator (not a seeded PRNG), and only a hash of it, together with its expiry time, should be stored.
- SMS Delivery: The OTP is delivered to the user’s phone via an SMS gateway using .NET Core SMS integration.
- Proxy Server: All API calls to the SMS gateway are routed through a proxy server. The proxy holds the gateway credentials (such as API keys) so the web tier never handles them, restricts outbound traffic to the gateway, and gives a single place to monitor SMS volume and detect OTP flooding. Because message bodies pass through it, the proxy’s logs must not record the codes themselves.
- User Verification: The user enters the received OTP. The system checks that the submission matches an outstanding challenge for that user, that the challenge has not expired and has not already been used, compares the code in constant time, and locks the challenge after a small number of failed attempts so that a six-digit code cannot be brute-forced.
Advantages of OTP:
- Enhanced Protection: OTPs provide an extra layer of security even if static passwords are compromised.
- Time-Sensitive Security: Each code is generated fresh for one login or transaction, expires after a short window, and is consumed on first successful use, so a code captured after the fact cannot be replayed.
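The Base64 CAPTCHA passage above and the OTP steps just listed rely on the same server-side mechanism, so one added example covers both (illustrative Python, not iSteer's .NET Core code; the in-memory dict standing in for the session store, the constants, the injected rendering and SMS callables, and the placeholder image bytes are all assumptions). It issues a challenge whose solution is kept server-side as a keyed hash under an opaque token, embeds the CAPTCHA image as a base64 data URI that carries the picture but not the expected text, binds the OTP to the phone it was sent to, and verifies submissions with expiry, single use, an attempt limit and a constant-time compare.

```python
import base64
import hashlib
import hmac
import secrets
import string
import time
from dataclasses import dataclass
from typing import Callable, Dict, Tuple

# Added illustrative example, not iSteer's or CBI, PSB's code. Assumptions: an
# in-memory dict stands in for the session/cache store, the rendering and SMS
# functions are injected callables, and the constants below are placeholders.

# Digits plus upper-case letters, minus the glyphs users confuse (0/O, 1/I).
CAPTCHA_ALPHABET = "".join(c for c in string.digits + string.ascii_uppercase if c not in "01IO")
CAPTCHA_LENGTH = 6
CAPTCHA_TTL_SECONDS = 300
OTP_DIGITS = 6
OTP_TTL_SECONDS = 120
MAX_ATTEMPTS = 3


@dataclass
class Challenge:
    kind: str             # "captcha" or "otp:<phone>", so a code is bound to its recipient
    solution_mac: bytes   # HMAC over the solution, keyed by the token; plaintext is never stored
    expires_at: float
    attempts_left: int = MAX_ATTEMPTS
    used: bool = False


class ChallengeStore:
    """Server-side store of outstanding challenges, keyed by an opaque token."""

    def __init__(self, clock: Callable[[], float] = time.time):
        self._clock = clock
        self._items: Dict[str, Challenge] = {}

    @staticmethod
    def _mac(token: str, kind: str, solution: str) -> bytes:
        return hmac.new(token.encode(), f"{kind}:{solution}".encode(), hashlib.sha256).digest()

    def issue(self, kind: str, solution: str, ttl: float) -> str:
        token = secrets.token_urlsafe(24)
        self._items[token] = Challenge(kind, self._mac(token, kind, solution), self._clock() + ttl)
        return token

    def verify(self, token: str, kind: str, answer: str) -> str:
        """Returns "ok", "unknown", "expired", "replayed", "locked" or "wrong"."""
        ch = self._items.get(token)
        if ch is None or ch.kind != kind:
            return "unknown"
        if self._clock() > ch.expires_at:
            del self._items[token]
            return "expired"
        if ch.used:
            return "replayed"
        if ch.attempts_left <= 0:
            return "locked"
        ch.attempts_left -= 1
        if hmac.compare_digest(self._mac(token, kind, answer), ch.solution_mac):
            ch.used = True    # single use: a code captured later cannot be replayed
            return "ok"
        return "wrong"


def new_captcha(store: ChallengeStore, render_png: Callable[[str], bytes]) -> Tuple[str, str]:
    """Issue a CAPTCHA. Returns (token, data URI for the <img src>); the text stays server-side."""
    text = "".join(secrets.choice(CAPTCHA_ALPHABET) for _ in range(CAPTCHA_LENGTH))
    token = store.issue("captcha", text, CAPTCHA_TTL_SECONDS)
    # Base64 is transport only: the page carries the picture, not the expected text.
    data_uri = "data:image/png;base64," + base64.b64encode(render_png(text)).decode("ascii")
    return token, data_uri


def check_captcha(store: ChallengeStore, token: str, typed: str) -> str:
    return store.verify(token, "captcha", typed.strip().upper())


def send_otp(store: ChallengeStore, phone: str, send_sms: Callable[[str, str], None]) -> str:
    """Generate a CSPRNG code, record only its keyed hash, and hand the plaintext to the SMS gateway."""
    code = "".join(secrets.choice(string.digits) for _ in range(OTP_DIGITS))
    token = store.issue(f"otp:{phone}", code, OTP_TTL_SECONDS)
    send_sms(phone, f"Your one-time code is {code}. It expires in {OTP_TTL_SECONDS // 60} minutes.")
    return token


def check_otp(store: ChallengeStore, token: str, phone: str, typed: str) -> str:
    digits = "".join(c for c in typed if c.isdigit())   # tolerate "123 456" as typed from the SMS
    return store.verify(token, f"otp:{phone}", digits)


if __name__ == "__main__":
    store = ChallengeStore()
    shown = []   # the demo's stand-in renderer records the text so the demo can answer
    tok, uri = new_captcha(store, lambda text: shown.append(text) or b"\x89PNG placeholder")
    print(uri[:40] + "...", check_captcha(store, tok, shown[0].lower()), check_captcha(store, tok, shown[0]))
    otok = send_otp(store, "+910000000000", lambda phone, msg: print("SMS to", phone, "->", msg))
    print(check_otp(store, otok, "+910000000000", "000 000"))
```

In a deployment the token travels in the session or a hidden form field and the store lives in the shared cache; the SMS callable is the client that talks to the gateway through the proxy. Note what the verifier never does: it never returns the expected value, never distinguishes a wrong code from an unknown token in a way that leaks which phone a token belongs to, and never compares with `==`.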
Conclusion: Your Security is Our Priority
By integrating SQA, CAPTCHA, and OTP into our multi-factor authentication framework, iSteer provides a robust and multi-layered security solution. We are dedicated to protecting your accounts from unauthorized access and ensuring the safety of your valuable information. With these advanced security measures, you can confidently manage your finances and trust in the security of our platform.