The President, The biscuit and Zoho Oneauth

On March 30th 1981 outside the Washington Hilton Hotel, American President Ronald Reagan was shot when returning to his limousine. He survived but it was close. And in the commotion that followed, ‘The biscuit’ went missing. This is the nickname given to a small plastic card that is sealed shut inside a case that contains the codes that would identify the President over the phone if and when he wanted to give the instruction to fire a nuclear weapon. The biscuit was eventually returned to the President a couple of days later. The actual circumstances of where it had been is shroud in mystery with no official story released. This story has something to do with Zoho OneAuth I promise, but for now let us go over the basics of authentication.

The basics

The three factors of Multi-Factor Authentication are:

  • Something you have (possession)
  • Something you know (knowledge)
  • Something you are (being)
one auth

 

Having two of the same factors is pretty much useless, so for example having two passwords for the same website or having two pins for your bank card. And with the modern capabilities of computer power, an 8-character password in theory can be cracked in around 45 seconds. This is why you need both your bank card and your pin number to withdraw cash since this is something you have plus something you know. If we talk about something you are, this would include your face or your fingerprints in modern security. It’s easy to forget something you know or lose something you have yet it is very tricky to not be something you are.

In theory there is a fourth factor which would be somewhere you are. For example, if you pop to the local supermarket and then 10 minutes later your card is used across the other side of the world, your bank will generally stop the transaction and give you a call. However, in the world of modern computing with VPN’s and proxies available, somewhere you are really doesn’t really play any factor.

The Biscuit

If we return to our original example of authentication, whilst many people at the time (it was the height of the cold war) believed that the biscuit was the one simple way to fire off a nuclear weapon, it was a little more complex than that. This is the earliest example of multifactor authentication and paved the way that we look at authentication today.

Something you have is quite an obvious one, you needed to have the actual Biscuit and the codes within. Something you know is when you opened the Biscuit. It had many codes printed on the cards and all were false apart from one. The President would have been told the position of the real code when he first took office. He would also be told each time the Biscuit was changed. For something you are, the phone line the President would need to contact has no number. It can only be contacted via a secure military phone. This phone would be handed to the President by one of his security team who would obviously not hand this phone to anyone but the President.

OneAuth

Zoho have released a small lightweight app called OneAuth. This app brings together the various ways of authenticating who is accessing your account. When a log in attempt is made, you will be required to authenticate the log in. You also have the option of choosing how to authenticate:

  • Biometric – Face ID (iPhone X) and Touch ID (fingerprint, in Android)
  • Push notification – A push notification on your mobile phone when logging in
  • QR scanning – Scan a QR code to verify your identity
  • Time-based OTP – A numeric code, that lasts 30 seconds, to authenticate your login

You are also in control of how strict you would like the authentication. If you trust your personal laptop then you will not need to authenticate again for a time period that you can control. Another great feature is that you can also log out any other device that is currently logged into your account directly from the app. Quite possibly the best feature about OneAuth is that it’s completely free to set up and use for your account. This proves that Zoho really do care about your security and the protection of your data.

zoho auth

If you would like more information regarding OneAuth then please contact us. We would be happy to show you around the app and set it up for you. We are also available to help with any other questions you may have regarding Zoho and their products.