
Introducing 4FA

4FA leverages the trust you already have in your close contacts so that you can protect each other.

Next-Gen Auth

4FA is Fourth-Factor Authentication. You’re probably very familiar with 2FA online, but you definitely use 1FA and 3FA (probably without even realising it). You’ll soon be using 4FA.

The following table will get you back up to speed:

Here's the simplified version:

  1. 1FA means ‘passwords’ or ‘something you know’
  2. 2FA means ‘devices’ or ‘something you have’ like your smartphone
  3. 3FA means ‘biometrics’ or ‘something you are’ like a fingerprint
  4. 4FA means ‘contacts’ or ‘someone you know’ like a friend or family member
The primary authentication factors

How it works

4FA takes advantage of the trust you already have in your close contacts. You can assemble your personal recovery team and vouch for each other. Service providers can choose to accept this as a valid method of authentication in specific situations and grant you access to your account.

Use Cases

In what situation does 4FA work best? 4FA is made for Account Recovery.

4FA is a great example of a win-win situation: it is a win for users and service providers alike. 4FA makes state-of-the-art account recovery available to users, while the service provider gets stronger guarantees about the legitimate account holder and can be more cost-effective than with its legacy account recovery features.

Let’s live in a digital world where the intended users access the intended accounts securely, forever. This effectively turns social engineering from attack into defence.

The state of 4FA

Where is 4FA today? We’re seeing versions of 4FA starting to pop up across the internet in the 2020s. It is a fragmented landscape, so 4FA is sometimes called different things. For example:

  • Social recovery
  • Trusted contact(s)
  • Delegated recovery/contact(s)

See Facebook’s Trusted Contacts feature and Apple’s equivalent coming to iOS 15 in Q3 2021.

Not only is 4FA called different things, it is implemented in wildly different ways. To date it hasn’t been implemented correctly at all. That’s why we’re working on strong 4FA with Sharehold.

Some of the classic mistakes so far are:

  • Limiting the contacts to having their accounts on the service provider or within the same ecosystem
  • Paywalling the feature
  • Limiting the scheme to a fixed number of contacts
  • Not being flexible enough to accommodate changing relationships/trust over time

I’m sure there will be many more mistakes and distractions, but we’re focussed on bringing strong 4FA to the internet with Sharehold.

4FA and you

You can experience strong 4FA account recovery today by trying out Sharehold and inviting your close contacts to build up your personal recovery team. This will help to protect your accounts and theirs.

Brian Manning