For a long time we have been trying to devise safer and more effective ways of identifying a user than a login and a password. With the development of technologies such as fingerprint readers and retinal scanners, we can verify identity just as well as with a login and a password.
Additionally, with all those devices built into a mobile phone, we are able to confirm our identity safely. However, to standardize the way identity is verified, the FIDO Alliance (fidoalliance.org) decided to create a single best practice for authenticating users and authorizing their operations. Those protocols have been given the abbreviated name FIDO.
One of the FIDO standard protocols used to authenticate users on internet platforms is UAF. In short, it works according to the following algorithm:
During an authentication attempt, the client application (referred to below as the UAF Client) asks the UAF server for the list of authenticators (e.g. a fingerprint reader) registered for the given user. After receiving the list, the UAF Client checks whether it holds a key pair matching the one previously registered on the UAF server. If so, it uses the private key to encode the so-called "challenge" sent by the server (e.g. a partially randomly generated piece of text; it can be any text or string of bytes). The encoded message is then sent to the server along with other information.
The server checks whether the message it received was encoded with the key that was saved during the registration process. If so, the user is verified and the authentication succeeds.
Many people might wonder if this way of authentication is better than a standard login and password.
First of all, it avoids storing users' passwords or their data on authentication servers, which has a positive impact on the application's security. Additionally, the UAF protocol protects against theft of the authentication device: it can monitor the number of authentications that have been performed with it. It can also deactivate a stolen or lost authenticator, so the user does not lose access to their account on the platform; they only lose the ability to verify their identity with the lost authenticator.
To sum up, as authentication devices that use biometric readers, mobile applications, retinal scanners, etc. become more accessible, we need memorized passwords less and less and can transfer that responsibility to our devices. This is made possible by, for example, the UAF protocol from the FIDO set of protocols. Such solutions will work perfectly in banking applications, where particular attention is given to providing the highest possible safety standards.
Logging in to an account on a mobile device will be much safer with the use of a fingerprint or a retina-scanning camera built into a laptop or a PC.
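The challenge-response flow and the counter and deactivation safeguards described above can be sketched as follows. This is an added example, not code from the article or from the FIDO specifications: Ed25519 stands in for the authenticator's signature scheme, and the `Registration` layout, the function names, the single-use challenge and the strictly increasing counter rule are assumptions made for illustration, not the UAF wire format.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
)

// Registration is the server's record of one authenticator (constructed layout).
type Registration struct {
	Pub     ed25519.PublicKey // saved at registration; no password is stored
	Counter uint32            // highest authentication counter accepted so far
	Revoked bool              // set when the device is reported lost or stolen
	pending []byte            // challenge issued and not yet consumed
}

// Register stands in for registration: the server keeps only the public key.
func Register() (*Registration, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return &Registration{Pub: pub}, priv
}

// NewChallenge issues a fresh random, single-use challenge (server side).
func (r *Registration) NewChallenge() []byte {
	r.pending = make([]byte, 32)
	rand.Read(r.pending)
	return append([]byte{}, r.pending...)
}

// Sign runs on the authenticator; the private key never leaves the device.
func Sign(priv ed25519.PrivateKey, challenge []byte, counter uint32) []byte {
	return ed25519.Sign(priv, binary.BigEndian.AppendUint32(append([]byte{}, challenge...), counter))
}

// Verify needs the pending challenge, a live key, a higher counter, a valid signature.
func (r *Registration) Verify(challenge []byte, counter uint32, sig []byte) bool {
	fresh := r.pending != nil && string(challenge) == string(r.pending)
	r.pending = nil // a challenge is consumed by the first attempt, pass or fail
	msg := binary.BigEndian.AppendUint32(append([]byte{}, challenge...), counter)
	if !fresh || r.Revoked || counter <= r.Counter || !ed25519.Verify(r.Pub, msg, sig) {
		return false
	}
	r.Counter = counter
	return true
}

func main() {
	reg, priv := Register()
	c := reg.NewChallenge()
	println("login accepted:", reg.Verify(c, 1, Sign(priv, c, 1)))
}
```

Because the counter is signed together with the challenge, a captured response cannot be replayed against a later challenge or relabelled with a higher counter.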