Swoop Authentication Explained
Introduction

Swoop authentication replaces the password and reduces the security vulnerabilities that go along with password-based authentication, including the vulnerability that occurs when an email account is hacked. The goal of Swoop Instant Buttons is to make the internet a more secure and better place to get things done.

Swoop replaces customer-created passwords with a rigorous security protocol. Authenticating with a password is one of the worst aspects of transacting on the internet. By removing the password, organizations remove the security risk that comes with storing passwords while also giving their customers a superior user experience. In short, the value proposition of Swoop authentication is that it offers a more secure and more convenient way to authenticate online.

Your Email Account Is Your Most Important Online Account

When it comes to security, most people do not realize that their email account is the most important online account they possess. Email accounts are the skeleton keys of the internet: all of your other online accounts depend on your email account being secure. If an intruder takes control of your email account, they effectively become you on the internet. They can attack your bank account, take over your social media accounts and reach every other account you have set up online, simply by going to those sites, resetting your password and hijacking the account. Swoop authentication technology and our Instant Buttons can stop hackers from taking over any account that uses them.

Instant Buttons
Swoop Authentication starts with our branded Instant Buttons. Inside these buttons we have embedded mailto links that initiate the authentication process. For the past 6 years we have been working to optimize the mailto link for authentication purposes. Instant Buttons represent the third generation of Swoop technology. Here is a list of the Instant Buttons currently available:

This button makes it possible to log in to a website without a password.
Makes it easy and secure to pay for a product or service.
Instantly sign up for an account without having to dream up and remember a password.
Makes donating easy.
Makes it easy to secure the pledge. Extremely useful for capital improvement projects and donations that are too large for a credit card and may be spaced out over months or even years.
Log Into Website Without a Password (Instant Sign In)

Our technology addresses a need shared by every website around the world that asks people to sign in.
Create Online Account Without a Password

With this button, you can sign up in two clicks. Websites that use it see more accounts created, because visitors do not need to set up and remember credentials (a username and password).
Instant Buy

Buying just got a lot easier!

Swoop Security Protocol Explained

Layer 1: Authentication with DKIM

All outgoing emails receive a digital signature as they leave the email server. This signature is called a DKIM signature; DKIM stands for DomainKeys Identified Mail. Each signing email domain holds its own private key, which is used to sign outgoing emails so that recipients can verify which domain the mail came from. When the customer authenticates through email, Swoop receives the authentication email and checks the DKIM signature using the public key the domain publishes in DNS. If the check passes, we know the message came from the customer's domain. DKIM signing keys are either 1024-bit or 2048-bit keys. Here is an example of a confirmation message that we recently received:

DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=brisbane;
  c=relaxed/simple; q=dns/txt; l=1234; t=1117574938; x=1118006938;
  h=from:to:subject:date:keywords:keywords;
  bh=MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI=;
  b=dzdVyOfAKCdLXdJOc9G2q8LoXSlEniSbav+yuU4zGeeruD00lszZ
  VoG4ZHRNiYzR

If this signature verifies against the published public key, then we know as a matter of mathematics that this email originated from the sender's domain.

Layer 2: Authentication Using Sender Policy Framework

The digital-signature-based authentication process described above is reliable on its own. But when it is a matter of security, redundancy and second-source verification are a powerful asset. To this end, Swoop leverages Sender Policy Framework (SPF) to provide a second, independent verification of the sender's domain. SPF does not rely on a digital signature. Instead, it relies on a path-based verification process that is wholly independent of the public key cryptography used in Layer 1.

The first thing to know is that email domains publish lists of "senders" that are allowed to send email on behalf of their domain. The second thing to know is that usually an email needs to pass through three or more email servers before it reaches its destination. So every time an email passes through one of these servers, a lookup is performed to see if the email came from a sender that is on the domain's approved list of servers. If so, a link is established between the authentication email and the email domain it came from. This link is then inserted into the header of the email and passed along. Once the authentication email reaches our server, we verify the "path" from the originating domain to our server. By being able to trace the handoffs (it sounds like blockchain), we know that the email came from the customer's domain.

In combination, these two layers provide a powerful authentication mechanism to use as the basis of our security protocol. However, there are many gradients within each layer, and additional security measures need to be taken to fully safeguard the authentication process. We call this Layer 3.

Layer 3: Swoop Security Algorithms

Swoop uses a security algorithm to evaluate the data provided by the DKIM and SPF checks. There are a lot of details that we will not go into here, but it includes things like key size, domain authority and transaction history, to name a few. Additionally, our algorithms evaluate data outside of Layers 1 and 2 to ensure that the DNS registry has not been compromised by either a domain attack or a brute-force DNS attack. Our algorithms either approve a transaction, reject a transaction or ask for further confirmation.

Layer 4: Protecting the Email Account From Hacking

Swoop offers a configurable two-factor authentication technology that monitors the sign-in attempts for all Instant Button accounts. This layer is intended to provide a protection not currently available for online accounts in the event that the customer's email account gets compromised.
When a login attempt occurs on one of your online accounts, Swoop sends you a text message notifying you that your account is being accessed. If you want to stop this login, you simply text "Stop" and Swoop ends the web session before damage can be done. Swoop also uses artificial intelligence to monitor your login patterns. Much like credit card companies do, we look for patterns of behavior and notify you, or hold an account for two-factor authentication, before harm can be done through email account hacking. Without this fourth layer, most email accounts are vulnerable to a password-reset attack. Swoop prevents this type of attack.

Summary

Authentication with Swoop Instant Buttons is a more secure and more convenient method than the use of passwords. The buttons are designed for use on mobile devices and desktop computers. Our security protocol consists of four independent layers:

1. A public key cryptography layer using either 1024-bit or 2048-bit keys,
2. A path-based verification layer,
3. A Swoop proprietary algorithm layer, and
4. A Swoop configurable two-factor authentication layer that includes machine learning technology to monitor the account.

The goal is to eliminate the use of passwords on the internet and make the internet a better, more secure place to get things done.
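As an added illustration of Layer 1 above (example code written for this page, not Swoop's verifier), the helpers below take the DKIM-Signature header quoted in that section as their sample input and carry out the checks a receiving verifier performs before it ever touches the RSA signature: splitting the header into tags, deriving the DNS record name that holds the signer's public key (selector._domainkey.domain), rejecting expired, future-dated or incomplete signatures, and computing the bh= body hash for the "simple" body canonicalization named by the header's c= tag. The RSA verification itself needs the key fetched from DNS and is out of scope here; the bh= and b= values in the page's header are the truncated RFC example values, so the body hash is demonstrated on constructed bodies instead.

```python
"""Pre-verification checks on a DKIM-Signature header (example code for
this page; the RSA signature check against the DNS-published key is
deliberately left out)."""
import base64
import hashlib
import re
from typing import List, Optional

# The DKIM-Signature value quoted on the page. Its b= value is truncated
# there, so it is carried as-is and never used for an RSA check.
SAMPLE_DKIM_HEADER = (
    "v=1; a=rsa-sha256; d=example.net; s=brisbane; c=relaxed/simple; "
    "q=dns/txt; l=1234; t=1117574938; x=1118006938; "
    "h=from:to:subject:date:keywords:keywords; "
    "bh=MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI=; "
    "b=dzdVyOfAKCdLXdJOc9G2q8LoXSlEniSbav+yuU4zGeeruD00lszZ VoG4ZHRNiYzR"
)


def parse_dkim_signature(value: str) -> dict:
    """Split a DKIM-Signature value into its tag=value pairs.

    Tags are separated by ';'. Folding whitespace is legal inside the
    base64 values (bh=, b=), so all whitespace is stripped from values.
    """
    tags = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, val = part.partition("=")
        if not sep:
            raise ValueError(f"malformed DKIM tag: {part!r}")
        tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags


def dkim_dns_name(tags: dict) -> str:
    """Name of the DNS TXT record that publishes the signer's public key."""
    return f"{tags['s']}._domainkey.{tags['d']}"


def check_signature_tags(tags: dict, now: int) -> List[str]:
    """Return the reasons a signature must be rejected before any RSA work."""
    problems = []
    if tags.get("v") != "1":
        problems.append("unsupported version")
    if tags.get("a") not in ("rsa-sha256", "ed25519-sha256"):
        problems.append("weak or unknown algorithm")
    for required in ("d", "s", "h", "bh", "b"):
        if required not in tags:
            problems.append(f"missing {required}= tag")
    if "t" in tags and int(tags["t"]) > now:
        problems.append("signature timestamp is in the future")
    if "x" in tags and int(tags["x"]) <= now:
        problems.append("signature has expired")
    if "h" in tags and "from" not in tags["h"].lower().split(":"):
        problems.append("From header is not covered by the signature")
    return problems


def body_hash_simple(body: bytes, length: Optional[int] = None) -> str:
    """bh= value under 'simple' body canonicalization: trailing empty lines
    are dropped, the body always ends in exactly one CRLF (an empty body
    becomes a lone CRLF), and an l= tag limits how many canonicalized bytes
    are hashed. Bare LF line endings are tolerated here for simplicity."""
    canonical = body.rstrip(b"\r\n") + b"\r\n"
    if length is not None:
        canonical = canonical[:length]
    return base64.b64encode(hashlib.sha256(canonical).digest()).decode()


if __name__ == "__main__":
    tags = parse_dkim_signature(SAMPLE_DKIM_HEADER)
    print("public key record:", dkim_dns_name(tags))
    print("problems at t=1117600000:", check_signature_tags(tags, 1117600000))
    print("empty-body bh=:", body_hash_simple(b""))
```

A verifier that gets an empty list back from check_signature_tags still has two steps left: fetch the TXT record named by dkim_dns_name, reject keys shorter than the size policy Layer 3 describes, and only then verify b= over the canonicalized headers listed in h=. Comparing the recomputed body hash with bh= before doing the RSA work is the cheap way to discard messages whose body was altered in transit.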
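As an added illustration of Layer 2 above (example code written for this page, not Swoop's implementation), the evaluator below shows the "approved list of senders" lookup that SPF performs: the domain publishes a v=spf1 TXT record, and the receiving server checks the connecting IP address against that record's mechanisms in order, following include: references and honouring the +, -, ~ and ? qualifiers. The DNS records are constructed and supplied as a dictionary so the example runs offline; the a, mx, ptr and exists mechanisms, which need live DNS, are treated as unsupported, and the lookup budget of 10 follows the limit defined in RFC 7208.

```python
"""Minimal SPF record evaluation against a connecting IP address
(example code for this page; DNS is replaced by a constructed table)."""
import ipaddress

# Constructed stand-ins for the TXT records a verifier would fetch from DNS.
CONSTRUCTED_SPF_RECORDS = {
    "example.net": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailer.example -all",
    "_spf.mailer.example": "v=spf1 ip6:2001:db8:10::/48 ip4:198.51.100.25 ~all",
    "loop.example": "v=spf1 include:loop.example -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_DNS_LOOKUPS = 10  # RFC 7208 cap on lookup-causing terms per check


def evaluate_spf(domain: str, client_ip: str, records: dict,
                 _budget: list = None) -> str:
    """Return pass, fail, softfail, neutral, none or permerror for the
    mail domain `domain` when the sending server's address is `client_ip`."""
    if _budget is None:
        _budget = [MAX_DNS_LOOKUPS]   # shared across nested include: calls
    record = records.get(domain)
    if record is None:
        return "none"                 # no policy published: nothing to check
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)

    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mechanism, _, argument = term.partition(":")
        mechanism = mechanism.lower()

        if mechanism == "all":
            return QUALIFIERS[qualifier]

        if mechanism in ("ip4", "ip6"):
            try:
                network = ipaddress.ip_network(argument, strict=False)
            except ValueError:
                return "permerror"    # malformed record: treat as broken
            if ip.version == network.version and ip in network:
                return QUALIFIERS[qualifier]
            continue

        if mechanism == "include":
            _budget[0] -= 1
            if _budget[0] < 0:
                return "permerror"    # too many lookups (loops, huge chains)
            nested = evaluate_spf(argument, client_ip, records, _budget)
            if nested == "pass":
                return QUALIFIERS[qualifier]
            if nested in ("none", "permerror"):
                return "permerror"    # an include: of a bad record is fatal
            continue                  # fail/softfail/neutral: no match

        # a, mx, ptr, exists and redirect= need live DNS; unsupported here.
        return "permerror"

    return "neutral"                  # record exhausted without a match


if __name__ == "__main__":
    for sender_ip in ("192.0.2.77", "2001:db8:10:1::5", "203.0.113.9"):
        print(sender_ip, "->", evaluate_spf("example.net", sender_ip,
                                            CONSTRUCTED_SPF_RECORDS))
```

The result a receiver cares about is "pass": only then is the connecting server on the domain's approved list. A "softfail" or "neutral" is the domain owner declining to commit, which is exactly why the page pairs SPF with the DKIM signature of Layer 1 rather than relying on either alone.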