Multi Factor Authentication Made Easy with UNLOQ.io
UNLOQ is a London-based startup that provides simple & secure multi-factor authentication, transaction authorization and data encryption for organizations that seek to comply with GDPR. We sat for a chat with CEO Marcea Patachi to hear his views and give you a taste of what UNLOQ is all about. Share
The whole idea behind UNLOQ’s password-less security concept was born out of the frustration of losing an important password, which caused a series of unfortunate incidents. It was then when I figured there must be a different way to do it.
We incorporated in 2015. At that point my business partner and I already had a working product in the background, but we both had other jobs. By 2016 we had our first corporate client, which led us to grow our business substantially.
I started working in the IT sector about 12 years ago, after my graduation. Overtime, I worked as a business analyst, product manager and head of product development for different companies. I realized that in the process of building a product, security is often taken for granted. There are very few developers that emphasize security right from the beginning.
One of the problems today is that everything is about perimeter security and not enough about data security. Perimeter security is like a heavily guarded castle with walls and towers; once you manage to pass the gate, you have access to everything. In our view, that's a broken strategy, so we focus our efforts on protecting the data itself. It's a high level concept, that emphases encryption at the most granular level and strong user & device authentication and authorization. That is what we call the Atomic Seal and is at the core of everything we do.
What's unique about UNLOQ.io?
The market of multi-factor authentication is getting more crowded by the day, with new startups and a lot of competition.
Where we stand out is the level of customization that we bring. Using UNLOQ, our customers can build a mobile security app in a few minutes. Thus, they all have their own branded app in the app store, available for their users to download.
UNLOQ also allows for transaction authorization, so before making any payment, whether via your credit card or paypal, you'll have a push notification on your phone asking you if you approve the payment.
Finally, we provide personal encryption keys, which the client can use to encrypt and decrypt user data. Our customers have zero knowledge of user data, which makes us popular in the crypto-currency arena.
User habits are difficult to change. How does UNLOQ overcome that?
That’s probably our biggest challenge. We spend a lot of time making sure our interface is as user friendly as possible, and indeed, it's extremely easy to use, but people are accustomed to using passwords and changing that is hard. However, if you look at the corporate world, more and more businesses are starting to enforce security policies to their employees. In the future you will not be able to start your work until passing through a strong authentication process and that will include second factor in some shape or form. In time this is going to be pushed to consumers as well. The process has already started and we can see more and more large companies doing so.
How does UNLOQ help organizations to comply with GDPR?
GDPR talks a lot about security by design, and that's exactly where we can help organizations to comply. It's not going to be enough, but you will not be able to prove your compliance without securing the authentication process. UNLOQ demonstrates the fact that you've applied security by design. Of course, this is relevant not only to GDPR but also to other privacy and security regulations.
How can UNLOQ be integrated with content management systems like WordPress?
We have 2-Factor authentication plugins for WordPress and Plesk, and we're preparing to launch one for Magento as well. We don’t expect these plugins to generate a lot of revenue. For us this is our way of giving back to the community and making the internet a safer place. We've put a lot of effort into making sure the plugin is legit and easy to use.
What are your thoughts for the future?
I believe strong authentication will incorporate more and more factors, but not all of them will be visible to the user. Beside biometrics, behavioral and device related factors will be added to the authentication process. Also, in order to find a balance between user convenience and security, companies will adopt more and more adaptive authentication.
If we refer to cyber security in general, I believe that, even though tools that help companies protect their perimeters will evolve, more and more companies will look for solutions to protect the data. If you look no further than last year, you realize there’s not other way. In 2017 we passed the mark of 5 million data records lost/stolen per day from which only a bit over 4% where encrypted. The question nowadays is not if you’re going to be breached, but when, how and what an attacker will find when he gets to your database. Our view is that organisations will need to find ways to make the data in a particular database irrelevant to an outsider.