Enterprise security teams not only have to keep hackers out of their organizations’ infrastructure, but also do so in a way that doesn’t hinder personnel with authorized access.

SecureAuth Corp. is moving to help companies balance the two requirements more easily today by launching a new security feature called Symbol-to-Accept for its popular access management service. The feature is a variation of the tried and tested two-factor authentication that many business applications employ to block unauthorized logins. In its most common form, the mechanism is implemented as a notification system that sends a confirmation request to the user’s device after every attempt to access their accounts.

The idea is to create another obstacle for hackers to scale. In theory, compromising an account protected by two-factor authentication not only requires the appropriate login credentials but also access to the target worker’s smartphone or tablet. In practice, however, the mechanism is often vulnerable due to the simple fact that people don’t always pay full attention to their devices. SecureAuth Chief Technology Officer Keith Graham says that an attacker can spam users with login notifications until one of them eventually accepts a confirmation request.

Symbol-to-Accept eliminates the risk of a worker inadvertently letting hackers into their account by adding another cognitive step to the verification process. Instead of displaying a confirmation button in sign-in alerts, the patent-pending system generates a set of random characters similar to the image-based CAPTCHA test used by websites use to combat bots. A reference image then appears on the login screen of the service that is being accessed. Users must select the matching character in the alert to authorize the access attempt, which they can’t do if the login screen was opened by someone else.

SecureAuth claims that Symbol-to-Accept can thus help organizations make their applications more resistant to breach attempts without hindering the access of legitimate users. SecureAuth found in a recent internal study that 42 percent of companies consider “disruption to users’ daily routine” an obstacle to adopting tougher authentication policies.

Image via StockSnap