DEV Community: SAWO Labs

Simplifying User Experience Through SAWO

SAWO Labs — Thu, 06 May 2021 12:44:25 +0000

Hi

I'm Siddharth from SAWO Labs

Authenticating users before they access your product is critical and a good authentication mechanism can reduce the chances of fraud. At the same time, it mustn't be a complicated and frustrating experience for your users, as such an experience is sure to take them away from your product. In todays competitive world, that's definitely something you can't afford!
So, you need to authenticate users through a simplified user experience. Is that even possible, given the many cyberattacks and data thefts happening around us? Lets explore.

Eliminate Passwords

The first step to simplifying user experience is to eliminate passwords because lets face it, passwords are truly a pain!
First off, your users have to come up with complex passwords that in most cases are hard to remember.
Do you know that 21% of users forget passwords after two weeks and another 25% forget at least one password a day?
Well, when they forget, you lose, because the money that they intended to spend on your service is not spent and you lose that revenue! It also increases vulnerabilities as people tend to recycle passwords, and you'll eventually have to pay the consequences of a cyberattack and the resultant data loss.
Due to these reasons, it makes sense to eliminate passwords completely.
But then, what's the alternative? How do you authenticate users?

Knowledge-based Authentication

One option that was considered was the knowledge-based authentication where a secret question was asked at the time of sign-up. During future sign-ins, this question was posed and the right answer would authenticate you.
Though this seemed like the perfect reality, unfortunately, it was not the best option because all the answers to these secret questions were available somewhere on the Internet. Typically, think of social media or the dark web.
This meant that cybercriminals could easily find the answers to questions like What's your maiden name, Name of your pet, Your elementary, and so on. If you decided to give a whacky answer to those questions, you may forget it, just like the passwords!
So, this knowledge-based authentication was also ruled out as a secure means for authentication.

Try Multi-factor Authentication

Multi-Factor Authentication, or MFA in short, is often seen as an alternative to passwords. In this process, when a person enters the username, a one-time-password with a time limit for expiry is sent to the associated mobile number or email ID and the user has to enter the password to be able to log in.
While this may seem like a great alternative, in reality, it is just a complicated process that can lead to a bad user experience. Further, the vulnerability is high given that the device can be stolen or the messages sent via SMS can be intercepted.
So, this is not the most perfect alternative for passwords. Does this mean you're stuck between just these three options where all of it can frustrate users with their complicated user experience?
Not at all.
Welcome to the world of passwordless authentication.

Passwordless Authentication

The rapid strides made over the last few years in biometrics has made passwordless authentication a reality. Imagine how convenient it would be when a system automatically detects that it's you with your fingerprint or retina! No more passwords, no devices, no remembering anything.
Yes, that's the future. More companies are turning to biometrics for authentication because it simplifies user experience profoundly. Again, many options have opened up with biometric authentication, so choose the one that best fits your needs.

SAWO

SAWO Labs, a startup company has been simplifying user experience when it comes to authentication.
With this service, all that you have to do is enter the email ID or phone number associated with that website or application. No passwords or OTPs are required at all.
Isn't that a big relief? But how does SAWO authenticate the user?
SAWO uses your phone's lock password as a biometric authenticator to verify your identity and accordingly, authenticates you. It's that simple! When a user visits the sign-up page, he or she enters the associated email ID or phone number.
SAWO verifies this information with the phone lock password as the biometric indicator, and automatically, gives access to the application. No other information or process is required.
Some of the advantages of SAWO are:
- It greatly simplifies the user experience
- No more passwords or OTPs, which is sure to come as a big relief to your users
- Takes less than 0.06 seconds for the entire authentication process.
- It's an extremely safe and secure way to authenticate.

Support & queries

You can join our Discord Server Community and interact with other developers and can ask for any support you require.

In case of any other query, feel free to reach out to us at community.sawolabs@gmail.com

How is SAWO better than Single Sign On?

SAWO Labs — Mon, 03 May 2021 11:14:12 +0000

Hi

I'm Siddharth from SAWO Labs

Authentication and security are constantly changing, so read on to get a glimpse of the past, present and the future.
A few years ago, the exploding world of the Internet brought up the need for authentication through user IDs and passwords. Though it worked well initially, the growing use of websites made it difficult for users to keep track of multiple passwords, and this led to the evolution of a concept called single sign-on.

What is Single Sign-on?

Single sign-on, as the name suggests, is the use of a single password to log in to many websites. This authentication method allows users to enter their user ID and password just once to access independent systems and websites without having to enter the authentication details again.
The best example of single sign-on is Google or Facebook, where the credentials you use for signing into either of these sites are used for others as well. So, with just a Google or Facebook login, you can access multiple independent sites that have nothing really to do with Google or Facebook.
Obviously, this worked well for both users and companies because users didn't have to remember multiple passwords, and websites didn't have to store these user details in their database. Overall, it was faster and made life easy for everyone. But like every technology, change and obsolescence got to single sign-on as well.

Downsides of Single Sign-on

A single sign-on became a blessing for hackers because all that they had to do was hack into just one password to access a whole range of websites.
Take, for example, the Facebook breach where attackers accessed more than 50 million accounts and their credentials. Though Facebook reset the passwords of 90 million users, the exact impact remains unknown.
Also, this concept of single sign-on goes against the established principle of "Least Privilege" which states that users should have access only to the minimum data and applications that they need. This is because single sign-on is more about granting than restricting access, and unfortunately, this opens up a can of worms for any organization as they have to grapple with an increased likelihood of a data breach and the financial and reputational loss that can come with it.
To overcome this impediment, many organizations switched to multi-factor authentication where an OTP was sent to a users mobile phone or email as a second layer of authentication. But that wasn't ideal either because it meant additional work for both users and organizations, along with the additional costs of paying a third-party provider like a cellular operator.
So, emerged the next wave of authentication that remedied the defects of both multi-factor authentication and single sign-on. This next wave took into account users preferences as well, as it adopted a passwordless approach.

SAWO's Unique Approach

SAWO Labs has come up with a unique approach to overcome this security drawback of a single sign-on.
In fact, Secure Authentication Without OTP (SAWO) is a product born out of a need to have a convenient and streamlined authentication service that works well for everyone involved.
A lot of thought process has gone into making this approach hassle-free, swift, and standardized, thereby giving users and organizations the best of both the worlds of security and flexibility.

How does SAWO work?

When a user accesses the login page, all that he or she has to do is enter the phone number or email ID associated with the account, and SAWO will automatically verify it to authenticate the user.

Sounds simple, right?

The best part is SAWO does not save any password, so there is no possibility for a hacker to access it.

How is SAWO Better Than a Single Sign-on?

Here are some ways by which SAWO is better than a single sign-on.
- No passwords are stored, so hackers can't access a single password to gain access to a ton of websites and applications
- No OTP is involved, so there are no additional charges associated with it.
- Quick, as it takes less than 0.06 seconds to complete an authentication
- Secure, because it uses public-private key encryption for all transactions.
- Seamless and gives users a ton of flexibility
- Hassle-free authentication for organizations
- Compatible with all existing industry standards, including some of the strictest ones like FIDO2.
- Users don't have to remember a plethora of passwords to access different sites
- There is no need for organizations to implement complex workflows for authentication and payment processing.
- Increases cash flows for businesses
- Since it follows a simple workflow, SAWO is highly scalable
Due to this multitude of benefits, SAWO is undoubtedly a superior alternative to single sign-on. Its hassle-free, secure, and convenient approach has large rates of adoption among both users and organizations.
So, are you ready to jump on the SAWO bandwagon to be a part of the future?
Reach out to us right away to see how we can move towards a password-less secure world.

Support & queries

You can join our Discord Server Community and interact with other developers and can ask for any support you require.

In case of any other query, feel free to reach out to us at community.sawolabs@gmail.com

UX and User Authentication

SAWO Labs — Thu, 29 Apr 2021 06:07:45 +0000

Hi
I'm Siddharth from SAWO Labs

Some of the best practices for UX and User Authentication examined

In order for any business to be successful online, it needs to ensure that the customer has a seamless experience right from the time they visit the website until the final intent (be it a purchase, a subscription or any other action that the business wants the user to take) is complete.
But when it comes to matters of user data and security, often website administrators end up in a fix. The trade-off between security and convenience can be a tough decision to make, considering how these two parameters are generally pitted against each other.
Upping the security parameters leads to additional steps in the customer’s journey, which could be off putting. As an organization though, striking a fine balance between the two is the key to success.

UX: Less is more

When devising your User Experience, always follow the mantra of ‘Less is More’. Any hurdles during navigation would almost certainly lead to your potential customer bouncing off, as there is no dearth of options to choose from online.
By minimizing the number of actions required to complete a task or achieve a result, you make it easier for the user to browse your site. By being on the site for longer, your users are more likely to make a purchase decision, thereby helping you achieve your goals.
Logging in to websites that they don’t visit too often is a pain-point for users as they need to create and remember multiple passwords. Certain sites make it even more complicated by implementing two-factor authentication, which is no doubt secure, but requires the user to have a supplementary device.
To solve this issue, the highly secure yet extremely convenient process of biometric authentication is gaining momentum. Biometric authentication is super speedy and is completed in the blink of an eye, literally! However, due to the lack of biometric identification mechanisms on most desktops and laptops, website developers are wary of using this method.

Data Privacy: Do Indians care, and should you?

Unlike internet users in foreign countries, Indians are usually lax when it comes to data security on the internet. Most Indian consumers are indifferent to data privacy rules and regulations, focusing more on the user experience rather than on improving their security.
A survey conducted by McAfee revealed that online shopping in India has gone up by 68% percent since March. However, another worrisome finding is that only 27.8% of the respondents admitted to using online security solutions.
This poses a challenge to businesses as any data breach resulting even out of the negligence of the user could have a negative impact on the business’s brand image. So, the challenge lies in implementing a solution that is not only intuitive and easy to use, but secure at the core as well.

Tips on providing a solid user experience

Authentication alone does not guarantee security, as the users can have incorrect or fake information linked on their social account. Security is built on the fundamental concept of authentication combined with identification.
It is essential for businesses to realize that both these processes need not be done simultaneously. Rather, breaking down the process into identification at registration and authentication at checkout can greatly boost conversions.
Retailing giant Amazon adopted this method a few years ago, and is doing great, miles ahead of its competitors with regard to conversion rates. Amazon simply lets a guest user browse their entire catalogue and add items to the cart, personalizing recommendations based on cookies stored on the visitor’s device. Once the visitor has made the purchase decision by heading over to checkout, the login and authentication mechanism kicks in.
By this time, the user is so deep into the purchase journey that they do not mind the task of logging in. However, if this process had to be done at the start, it would seem cumbersome to the user, who might leave the site altogether.
Some businesses tend to use the fear factor to coerce users into keeping their account security details up to date. However, this ploy can backfire as the instilled fear can lead to reduced engagement and potential drop offs.
Businesses need to identify user pain points and provide simple solutions that are user-centric and not solely security or functionality centric.
Passwords as a form of authentication are really outdated and pose a large number of security threats. Added to it, is the high cost of maintaining a secure database which can store all the customer’s passwords safely. It’s high time for companies to ditch password-based methods to authenticate users. This is where biometric authentication comes handy, due to its speed, simplicity and tamper-proof nature.

Understanding your product from a security standpoint

As a business, it is important for you to be realistic about your security requirements. While multiple checkpoints including 2FA, captchas, security challenges and the like make sense for a website or an app handling sensitive financial data or confidential private information, the same does not hold true for say, a subscription-based e-magazine, blog or news website.
Planning an authentication system based on the security needs of your business while keeping the use-case and convenience of your visitors in mind will go a long way in attracting more visitors, consequently driving business.
Do a thorough competitor analysis, check out the best industry practices, conduct a risk-reward assessment and then replicate it by tweaking it to suit your business, and see the results for yourself.

A cost-effective quick fix crafted for you!

We understand that the above-mentioned process of research and analysis may not be easy for most businesses because of multiple reasons including lack of time or technical expertise. That’s why we have a simple solution designed keeping you in mind.
Contact our security experts at SAWO Labs today for a free demo and walkthrough of our ground-breaking passwordless authentication system that’s easy to deploy and scale up. What’s more? It’s super convenient to use and extremely user friendly. Try it out yourself today.

Support & queries
You can join our Discord Server Community and interact with other developers and can ask for any support you require.

In case of any other query, feel free to reach out to us at community.sawolabs@gmail.com

Future of Security and Authentication

SAWO Labs — Mon, 26 Apr 2021 17:57:20 +0000

Hi
I'm Siddharth from SAWO Labs

Passwords have been an integral part of our digital world, since time immemorial when the first computers arrived many decades ago.
Today, it is estimated that every employee in an organization uses an average of 191 passwords! It is beyond the average human capability to remember so many passwords, so people end up reusing the same password across many applications. This behavior explains why 80% of cyberattacks involve compromised passwords. People mash up their pet names with dates of birth and other random characters to come up with complicated passwords, still, it is a piece of cake for the advanced algorithms of hackers as they are created to identify and break these passwords within seconds.
So, given this double whammy of using passwords and the presence of algorithms to break them easily,

What is the future of authentication?

Multi-factor authentication

Multi-factor Authentication, or MFA in short, seems to be the next evolution in the world of authentication where a code is sent to an email ID or a registered phone number for an additional layer of security and verification.
While this process is definitely better and more secure than passwords, it is not easy to implement as it requires new hardware and systems to send authentication codes and match them.
From an organization's standpoint, MFA is not a cost-effective solution either because it has to pay a cellular operator for every SMS sent. This cost increases when employees have to access multiple systems as a part of their daily work.
Also, the growing trend of working from anywhere exacerbates this problem because it means more authentication, more complexity, and more costs!
Due to these reasons, MFA is more a stop-gap solution that may become obsolete when more advanced technologies for authentication take over. And this brings us to the next question. What are these advanced technologies?

Future of Authentication

Let's take a look at some of the emerging technologies that have the potential to change the way we access and authenticate users.

Biometrics

Many devices have already started using biometrics to authenticate users. Fingerprints, iris, and facial recognition have already become increasingly available at low-cost rates, thereby enhancing their use across devices.
That said, it is worth noting that implementing a biometric authentication is expensive as the exact fingerprint or iris pattern has to be saved and compared every time. It is time-consuming as well because it can take time to retrieve and compare, depending on where the databases are located and the speed of Internet access. Many times, it will require the use of third-party systems too.
Worse, these biometrics are not as foolproof as one believes as the system can be tricked.

Biometric authenticators

This possibility to hack into a single fingerprint or iris system takes us to the discussion of using biometric authenticators where systems use a combination of biometrics to authenticate a person.
These different authentication points will be automatically captured by the systems over time and these will be used in a random order to authenticate an individual. These authenticators will include behavior such as the way a user types, the speed, geolocation, and other factors that can help to authenticate a user.
However, the downside to these biometric authenticators will be the huge costs of storing and comparing. Plus, it will require advanced machine learning techniques and algorithms, all of which may require considerable investment in technology.

SAWO

Secure Authentication Without OTP (SAWO) is a breakthrough technology that is expected to play a big role in future authentication because it is simple, effective, safe, and cost-efficient.
This one-step process for authentication only requires users to sign up with their email ID or phone number, and the system takes care of the authentication. No passwords or OTPs are involved in this process and there are no third parties like cellular operators in this workflow. As a result, authenticating users is quick and cost-effective. The entire authentication process is completed in 0.06 seconds, making it one of the fastest authentication methods available today.
Also, it is secure because it uses public-private key encryption. It's important to note that this process doesn't store passwords at all, so there is absolutely no possibility for hackers to enter a system by stealing passwords.
Further, the entire authentication process is based on the concept of keyless passwords, a transformative process that is being touted as the next evolutionary step in the world of authentication.
Since SAWO scores high on speed, cost-effectiveness, and security, it is undoubtedly a part of the future and is expected to have wider adoption given that our society is moving towards an all-digital world.

Support & queries
You can join our Discord Server Community and interact with other developers and can ask for any support you require.

In case of any other query, feel free to reach out to us at community.sawolabs@gmail.com

Is SMS OTP authentication as safe as we believe?

SAWO Labs — Tue, 20 Apr 2021 12:23:06 +0000

Hi
I'm Siddharth from SAWO Labs

All of us who use banking or e-commerce applications are familiar with the authentication grind - enter your username and password and as additional security, enter the OTP sent to your registered phone number.
Though we find it cumbersome and even downright annoying, especially when the phone is not by your side or has run out of charge, still, we go with the process simply because we believe it is necessary to protect our data and credentials. But is the SMS OTP authentication as safe as we believe?
Before we jump into the answer, let's quickly look at the evolution of the practice of sending SMS OTPs to get an understanding of its advantages.

Evolution of SMS OTP

With the growth of Internet applications and the availability of advanced tools for hackers, security became a concern, and the existing security mechanism of just a password became insufficient. So, a two-factor authentication became a preferred option as the identity of a user was verified at two levels.
The first was the good old password, and this was followed by a code sent to a registered email ID or phone number. Since no downloads or physical tokens were required, this quickly became the de-facto way of authenticating users. But only until the downside was understood.

Is SMS OTP safe?

Though SMS OTP is touted to be safe and convenient, in reality, it is neither.

And why?

SMS can be hacked

Don't be shocked at the heading! It is true.
There have been many instances where the SMS codes have been hacked by leveraging the loopholes present in the telecom providers network.
Take the case of a massive hack that happened in 2017. Fraudsters leveraged a loophole in Signaling System 7 (SS7), an internal telecommunications standard that defines how mobile phones must connect and exchange a number with each other. As a result, they intercepted the codes associated with the banking transactions of users to transfer funds to their own accounts.
When this came to light, it caused a big uproar, but the practice of using SMS OTPs continued for a lack of other viable options.

Greater acceptance for non-OTP options

Almost every major organization today is listening to the millennials, as they are the future users of existing systems.
According to a survey conducted by Aite Group, more than 48% of millennials were open to the idea of switching authentication modes. In comparison, only 16% of seniors were open to this possibility.
This goes to show that the next generation of users are more willing to explore authentication methods that go beyond just passwords and SMS codes. In fact, 85% of the respondents in this age group were open to fingerprints while 76% were willing to go with facial recognition. Since biometrics have a wider acceptance, many solutions have started embracing it, to not just meets the users' preferences, but also to improve the level of security and authentication.

What is SAWO?

Secure Authentication Without OTP (SAWO) is the next-gen authentication system that moves away from passwords and OTPs, and at the same time, securely authenticates users.
With SAWO, all that users have to do is enter their username and the associated email ID or phone number. That's it! No passwords and no OTPs at all. The system will trigger the phone lock and based on it, will automatically authenticate the user against the registered phone number or email ID to verify the credentials, and will accordingly, provide access.
The best part is that SAWO stores no passwords, so there is no chance for hackers to access them. From an organization's standpoint, there are no hassles involved, and it is cost-effective as well because there is no dependence or financial payouts to third-party providers like cellular operators.
For users, it is a safe and easy way to log in without having to remember complicated mashed-up passwords or waiting for the SMS code on their phones.
In all, a win-win situation for everyone involved.

So, reach out to us right away to get started!

Support & queries
You can join our Discord Server Community and interact with other developers and can ask for any support you require.

In case of any other query, feel free to reach out to us at community.sawolabs@gmail.com

SAWO - One Stop Solution for your Authentication Needs

SAWO Labs — Thu, 15 Apr 2021 14:16:25 +0000

Hi
I'm Siddharth from SAWO Labs

What is SAWO?

SAWO is a B2B2C service-based company whose API Integration enables one-tap authentication on your app (Android, iOS and Hybrid) and web to provide passwordless and OTP-less authentication experience.

What can SAWO do for you?

Not only does SAWO's API eradicate passwords and OTPs but also the endless inconvenience brought on by the existing authentication alternatives. We offer a customer-centric, standardized, and device-based verification.

Convenience
- Go Passwordless in no time: Just 6 minutes to transition towards a passwordless future.
- Give your developers a break: Easy integration with every popular web, cloud, VPN, remote access gateway, and more.
Security
- Biometric Authentication: Additional device based security layer for user convenience.
- Secure User Authentication: No Saved Data. No Cookies. No Phishing.
Cost
- Optimised and personalized pricing. Various modes of payments accepted.

How to integrate SAWO?

There are 3 ways to integrate login verification within just a few minutes with SAWO:

Web-SDK Integration

Android-FIDO Integration

iOS-FIDO Integration

Checkout our docs which will provide you a step wise guide to proceed with the integration.

Support & queries
You can join our Discord Server Community and interact with other developers and can ask for any support you require.

In case of any other query, feel free to reach out to us at community.sawolabs@gmail.com