We continuously use more and more online services of all kinds, and we are often forced to come up with new passwords. The usual behavior is that users reuse the same password across different websites or social networks, which creates a serious security weakness that attackers can exploit.
It is not enough to create a very strong password that is impossible to guess. For example, even if as a user I take the precaution of generating a very strong password, reusing it on different websites leaves me completely exposed. That is to say, if one of the many websites I use suffers an attack in which the user and password information is stolen (something that happens very frequently), every other website or network on which I use the same password is at risk.
In addition, it is well known that users are the weakest link in an authentication system. In fact, one of the most frequently used passwords is 123456, which is a good indication that users don't consider the consequences of choosing passwords so weak that brute-force attacks can crack them in just a few seconds.
One-Time Password (OTP) and Two-Factor Authentication (2FA)
One of the options to minimize this problem is the One-Time Password (OTP): a single-use password generated each time the user logs in and delivered to the user by email, WhatsApp, or SMS. Mobile applications sometimes use push notifications instead. This also serves as an additional authentication factor, because the user must be able to access one of these channels to obtain the password.
Obviously, this doesn't guarantee anything, because if my email account or my cell phone has been compromised, I will be exposed anyway. However, it is very unlikely that someone who knows my password will also have access to the channel I use to receive OTPs. The convenience of this method is that I only have to remember my username, which in many cases is an email address.
Another important element for safeguarding access to email accounts, social networks, and other online services is two-factor authentication (2FA). It creates another barrier for anyone trying to break into one of your accounts, because in addition to your username and password they must have access to the method used as the second authentication factor. In general, the second factor involves receiving a random password on your cell phone or by email.
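To make the OTP mechanism described above concrete (both as a stand-alone login and as the second factor of 2FA), here is an added example of the server-side part: issuing a random single-use code and verifying it. This is illustrative code written for this article, not GeneXus code or part of the GeneXus Access Manager; the five-minute validity window, the five-attempt budget, the six-digit length and the in-memory store are all assumptions chosen for the example. It goes slightly beyond the text by also handling expiry and limiting wrong guesses, which is what stops a delivered code from being brute-forced in the time it is valid.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional

# Assumed policy values for this example (not from the article).
OTP_TTL_SECONDS = 300      # a code is valid for five minutes
OTP_MAX_ATTEMPTS = 5       # five wrong guesses invalidate the code
OTP_DIGITS = 6


@dataclass
class IssuedOtp:
    digest: bytes            # only a salted hash is stored, never the code itself
    salt: bytes
    expires_at: float
    attempts_left: int = OTP_MAX_ATTEMPTS
    consumed: bool = False


# Constructed in-memory store keyed by username; a real deployment
# would use a database or cache shared by all application servers.
_store: Dict[str, IssuedOtp] = {}


def _digest(code: str, salt: bytes) -> bytes:
    return hashlib.sha256(salt + code.encode()).digest()


def generate_code(digits: int = OTP_DIGITS) -> str:
    # Cryptographically strong randomness; zero-padded so leading zeros survive.
    return f"{secrets.randbelow(10 ** digits):0{digits}d}"


def issue_otp(username: str, now: Optional[float] = None) -> str:
    """Create a single-use code for the user and return it for delivery
    (email, SMS, WhatsApp or push). The server keeps only its salted hash."""
    now = time.time() if now is None else now
    code = generate_code()
    salt = secrets.token_bytes(16)
    # Issuing a new code replaces any older one, so only one code is live per user.
    _store[username] = IssuedOtp(_digest(code, salt), salt, now + OTP_TTL_SECONDS)
    return code


def verify_otp(username: str, submitted: str, now: Optional[float] = None) -> bool:
    """Accept the code only once, only before expiry, and only within the attempt budget."""
    now = time.time() if now is None else now
    entry = _store.get(username)
    if entry is None or entry.consumed or now >= entry.expires_at:
        return False
    if entry.attempts_left <= 0:
        return False
    entry.attempts_left -= 1
    # Constant-time comparison so the check doesn't leak how many bytes matched.
    if hmac.compare_digest(_digest(submitted, entry.salt), entry.digest):
        entry.consumed = True
        return True
    return False


if __name__ == "__main__":
    code = issue_otp("demo-user")
    print("code to deliver out of band:", code)
    print("first check:", verify_otp("demo-user", code))    # True
    print("replayed check:", verify_otp("demo-user", code)) # False: single use
```

The two properties worth noting are that the code is stored hashed (a leaked store does not reveal live codes) and that it is consumed on first success, so a code intercepted after use is worthless; the attempt counter and expiry bound how much guessing an attacker who only knows the username can do.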
In our Low-Code development platform, we have been working on simplifying the development of applications that are also very secure. That’s why the authentication types added to GeneXus 17 Upgrade 5 include OTP-based authentication, as well as a two-factor authentication that is also based on OTP.
That’s in addition to all the native authentication methods supported by the security module available through the GeneXus Access Manager.
I invite you to upgrade your version to GeneXus 17 Upgrade 5, which includes all these new capabilities for a technologically strong, secure and future-proof Community.
You may also be interested in the following articles from the GeneXus Community Wiki: