What is it ?
Pattern Recognition can be used as a security mechanism to unlock Android, iPhone and Windows mobile phones. Of the many unlock systems used, pattern unlock is one of the creative, good in design and rich in technology methods.
Here the user can use a design that looks for e.g. like a set up lock/unlock pattern, as shown below:
How cidaas makes use of Pattern Recognition for Multifactor Authentication?
Pattern Recognition is one of the Authentication types cidaas uses to authenticate users through Authenticator application.
As a prerequisite, the admin must enable the Multifactor authentication settings in the admin dashboard -make sure Pattern Recognition is enabled here.
Once the above setting is done, users can now configure their profile to enable MFA, and pattern recognition. For the very first time, the user needs to set up his/her cidaas Authenticator account. To do this:
1) Scan the QRCode provided on the web portal using the Authenticator App (i.e. profile settings section on the respective web portal- > Physical Verification Setup-> choose Pattern -> QR code.)
2) Configure the Pattern method as shown in the flow below: Where the user can set the pattern by first choosing a color and then user has to confirm the pattern. This pattern data will be sent to server for further processing along with the device-ID and the FCM token of the Smartphone.
3) This device-ID and FCM token is the basis for sending notifications during login.
4) When the user logs-in to the web portal/ any other service, he will get a notification to use his pattern. Only if this matches with the originally configured data -stored in cidaas server, will the user be successfully authenticated.
Once a Pattern is configured, during each subsequent login to the web portal, the user gets a push notification on his phone. On clicking this, user has to enter the valid pattern. This is sent and verified with the configured info on the server. If these match, the user is successfully logged in (see flow below). If the user fails to enter the valid pattern, log-in fails.
Below screenshots are from cidaas authenticator application (Pattern Recognition).
Download and Install the cidaas authenticator app from the link below, if not done so already.
On your dashboard page, go to Physical Verification Setup and select Configure button under the Pattern (cidaas authenticator app) option.
The following screen appears on the web.
To scan the QR code presented, open your downloaded cidaas authenticator app and click on Add tab.
Scan the QR Code displayed on your desktop.
Note: The above describes how to configure the authentication method on a desktop, i.e., The QR code is displayed on the desktop and it is required to scan the QR code using the cidaas Authenticator App installed and opened on a smartphone/mobile device. However, the configuration could also be done exclusively on through a mobile device without using a desktop, the steps for which are explained below:
If using the mobile browser to configure the chosen method of authentication the QR code scan need not be scanned. Instead, as dislayed in the screen above, you need to just click on "Open cidaas authenticator". It will automaticaly ask for the appropriate authentication information, based on the verification type chosen.
After scanning, the login screen is displayed on your phone. Login with your credentials.
At the same time, in your desktop, the loading screen appears and waiting for authentication.
Once logged in, you need to enter the pattern verification. Choose your pattern colour. Then draw your pattern and confirm the pattern again.
Now the pattern recognition is successfully configured.
Then, your app and your desktop screen will look like this.
During Login, select “click here for passwordless authentication, Enter your email ID and click Proceed. Select Pattern (cidaas authenticator app) to login
The multiple device screen gets displayed
The screen is in wait mode.
At the same time, push notification will be received in your authenticator app.
Click on that notification to view authentication request. The request shows the browser type, location and date/time, when the request was made (as in the below screen),
if you click allow button, it will continue to steps 4; Otherwise you won't be able to authenticate at this point.
On click of deny button the 'Notification Deny' screen will be shown, where user can select appropriate reason for denying the request and submit it. After that you won't be able to authenticate.
Now, you can see the pattern verification screen. Choose the pattern colour, you already registered during configuration and draw your pattern. Only if both match, can you login.
You have now successfully logged in.