Sirius Portal Security: Mobile App Security and Password-less Login

Vega Solutions’ Sirius Web Portal has been built by a team of expert developers, penetration tested by professionals, and used to protect our customers’ data successfully for decades. As you might imagine from an application with such a track record, Sirius contains many layers of security to protect against attack.
Security is a top priority for our secure Sirius portal. However, we also recognise that usability is an equally important factor for our customers. In this post, we will discuss some of the most user-friendly but secure methods which Sirius supports for logging in: PIN and biometric login for mobile.
We have recently developed a mobile app for one of our customers, which allows users to log in securely using either a PIN chosen by the user or biometric methods: fingerprint or Face ID. This is an elegant solution which provides both usability and security. After downloading the app, the user must register using their user ID and a PIN of their choosing. This links their phone to their user ID, meaning that no one else can log in to their account using another phone. Once they have registered, they can sign in to the app using only their fingerprint or Face ID, if they have these set up on their mobile.
With this solution, in a worst-case scenario, where the user does not have any fingerprint or Face ID set up on their phone and uses a PIN to log in to the app, a bad actor would need both to know the user’s PIN and to have access to the user’s phone in order to access their account. When a user does have fingerprint or Face ID set up on their phone, a would-be hacker can’t do anything without having access to the phone and the owner’s fingerprint or face!
For extra security, we have further checks for specific actions while the user is logged in to the app. For example, the user is required to approve each payment using their PIN or biometric method. This means that even if a bad actor were to steal the user’s phone while the user was logged in, they are still prevented from making payments.
As you can see, we take our mobile app security and usability very seriously. However, we have also leveraged this mobile app login process to make our desktop login process more secure, without harming usability. We can now allow users to log in to the desktop without having to enter a password, by sending the user a mobile notification, through which they can authorise the login attempt using either a PIN, fingerprint or Face ID. This again means that a bad actor cannot access the user’s account via desktop without also having access to the user’s mobile and having the PIN or biometric data necessary to access the account.
At Vega, we are constantly improving Sirius to take advantage of new technologies which enable us to increase security and improve usability for our customers. This blog post has outlined some of these new features. If you are serious about your web portal security and would like to learn more about what Sirius can do for you, please contact us today.