Several messaging platforms have availed end-to-end encryption service to their user developed to overcome any attempts at tampering or surveillance as no third parties can decode the information being stored or communicated. But what has raised concerns is that in spite of the end-to-end encryption availed by well-known messaging platforms such as WhatsApp, Viber, and Facebook Messenger, the sensitive data of users is susceptible to hacking.
A research report has emphasized on the significance of what is known as an “authentication ceremony” to assist alleviate the risk. A research team at the Brigham Young University (BYU), Utah, the United States, found that a majority of users of famous messaging apps such as WhatsApp, Viber, and Facebook Messenger are leaving themselves uncovered to hacking or fraud as they are uninformed of significant security alternatives such as “authentication ceremony.”
The authentication ceremony is basically a security practice to make certain that the individuals involved in a conversation are genuine. It can be done by recognizing the message recipient prior to sending out any confidential or sensitive data. Elham Vaziripour said that as several users are oblivious of the ceremony and its worth, it is possible that a man-in-the-middle attacker or malicious third party can snoop on their chats.
The research team carried out a two-phase trial in which they urged the study volunteers to share with another volunteers a credit card number. Participants were cautioned about the likely threats and motivated to ensure their messages were private. In first phase, only 14% of users managed to effectively validate their receiver, whereas others choose ad-hoc security measures such as asking their partners for details regarding a shared experience.
After the team emphasized the significance of authentication ceremonies in the 2nd phase, almost 79% users managed to effectively confirm the other party. Nonetheless, the volunteers averaged 11 Minutes to substantiate their partners. Daniel Zappala, Computer Science Professor, BYU, said, “Once we informed individuals regarding the authentication ceremonies, majority of them could do it. However, it was not easy, individuals were irritated and it took them too long.”
Majority of individuals do not spend time or make effort to comprehend and utilize these security measures as they do not experience noteworthy security issues. But always, there is a threat in online conversations. The team is now functioning to develop a technique that makes the process of authentication ceremony automatic and quick.
Vaziripour said, “If we can execute the authentication ceremony secretively for users effortlessly or automatically, we can tackle these issues without requiring user education.”