KillSwitch technology catches brute-force attacks

Confident KillSwitch is an authentication technology that can identify and proactively defend against brute force attacks on account logins, password reset processes, transaction verifications and other authentication requests, collecting actionable data the business can use to halt attempts to compromise web and mobile accounts in real-time.

The use of brute force attacks and the exploitation of easily guessable passwords were responsible for more than half of the major data breaches in 2010.

Furthermore, research conducted at Cambridge University revealed that more than 84 percent of top websites including Amazon, eBay and WordPress, do not limit the number of failed login attempts – leaving the sites wide open to brute-force attacks and the guessing or harvesting of usernames and passwords.

Confident KillSwitch allows businesses to identify and stop such attacks in the act, whether it’s a brute-force attempt to compromise a single account or a wide-scale attack across multiple accounts on the site.

How Confident KillSwitch works

When a user first registers with a website, mobile application or other online service using Confident Technologies’ image-based authentication, they choose a few secret categories of things to remember – such as dogs, flowers and cars. Each time authentication is needed, the website presents the user with a grid of random pictures – called the Confident ImageShield. The user must correctly identify the pictures that fit their secret categories to form a one-time password and authenticate.

If the website or online service has enabled the Confident KillSwitch feature, the user can establish one or more “no pass” categories in addition to their secret authentication categories during registration. If a hacker or a bot attempts to access the account by guessing login credentials or using a brute-force attack, and selects an image that fits one of the user’s “no pass” categories, Confident KillSwitch can automatically alert the business or account owner that unauthorized access is being attempted.

The technology can lock all access to the online account, or can present increasingly difficult ImageShield challenges while gathering important information including the IP address, geographic location and behavioral biometrics of the would-be attacker, and whether it’s an attempt to compromise a single account or part of a broader attack on the organization or even across multiple organizations.

The data collected by Confident KillSwitch can also be fed into the company’s risk engine, fraud-detection platforms, or other adaptive security systems to further enhance the decisions made by those systems.




Share this