Contextual Authentication - Who is Behind the Keyboard?

Have you ever asked yourself this question before? The MTV TV show Catfish asks this question in every single episode. They work with people all over the United States that have fallen in love with someone they have never met in person, or even talked to on the phone before. On the show, the two hosts work together to find the person who is behind the other keyboard in order to play matchmaker. Nine times out of ten, the person on the other end of the line is not who they say they are. They might not even look remotely close to who they are pretending to be online.

This got me thinking a couple of things… Why do people do this? And how can user fraud be stopped online?

Catfish

Now, I am no psychiatrist but I do have my own formulated theories about why people pretend to be who they aren’t online.

Pretend. That is one of the reasons I believe that people do this. Some folks are very unhappy with their lives and have to live vicariously through others, or even use other personas that reflect the life they wish they lived. By going online and making a fake profile on a dating site or social media, they can live out that other reality. It is like a release for them, much like playing pretend as a child.   It’s exerting control over life when it isn’t there in reality.

Revenge. One thing that I have noticed on Catfish is that every once and a while someone on the show is out for revenge. An ex-lover that is spiteful can spin up a fake profile to get back at an ex-partner. Technically this is also a form of cyberbullying, since the person is acting this way out of spite.

Loneliness. Myself and others agree that sometimes a person fakes their online identity simply because that person is lonely. Who hasn’t been there before? It is a Friday night and all of your friends are out with their significant others and where are you? Sitting on the couch in pajamas, elbow deep in a pint of Ben and Jerry’s. Enough lonely nights like this can lead to the urge to do something about it. Do something, but not something too serious. Just have some fun and talk to attractive people who may not be interested in the real you. Everyone needs to be loved right?

No matter the reason behind the catfish, a true catfish will lead to someone getting hurt. Sometimes, it ends up being both parties involved that get hurt from the situation.

How can user fraud be stopped?

End-user fraud is typically committed in order to steal information. Whether it is personal or corporate, that information is then typically sold on the black market for a hefty amount of cash… or Bitcoins.

There are many ways to consider when looking to prevent said information from being stolen. Stronger passwords are great, and two-factor authentication is excellent, but what about setting physical parameters as to where the information can be accessed? This concept may sound neat and almost futuristic to some, but it does exist. The term for this type of restriction is contextual authentication.

What exactly is contextual authentication?

Contextual authentication is a form of two-factor authentication that leverages information such as a geolocation, familiar Wi-Fi network, registered device or selected hours of access to ensure proper user identity.  This system of protection is established by the inclusion of transparent barriers. These barriers are designed to prevent unauthorized access and confirm user identities by validating multiple aspects of each user.

Setting up an invisible barrier definitely has its benefits. It allows you to enforce stronger authentication without having to inconvenience your end-users because it is automatically performed each time they login. Your end-users don’t even notice, unless they are outside of the established parameters and are unable to access their account. This method can be a very good way to know who is behind the keyboard.

Moving Forward

Since the begging of time there have been people out there pretending to be someone they are not. These are not the “fake it until you make it crowd,” these are the deceptive crowd who are out there, knowing they are doing wrong. They don’t care that it will ultimately end up hurting someone or destroying something. Although there is no way to rid the earth of these people, there are ways to protect yourself and your infrastructure from them.

There are times when you may not know who is who in the digital world. However, as an IT professional, you can implement certain solutions, such as contextual authentication, to determine who exactly is behind the keyboard.