ITU Digital Financial Services Blockchain Secure Authentication Application Challenge

Helping Albania, Algeria and 188 other countries
$10 000 USD
Completed (over 1 year ago)
Blockchain
185 joined
32 active
Start: May 02, 24
Enrolments close: May 08, 24
Close: Aug 26, 24
Reveal: Oct 15, 24
BSA security
Help · 30 May 2024, 13:01 · 1

Given that we are working on a passwordless blockchain project and using email, username, and phone numbers for device registration, my concern is about security. Since these pieces of information are public, what happens if an attacker gains physical access to the mobile device used for registration? How do we ensure the security of our system in such a scenario?

Discussion 1 answer
ariffolan

Hi Ergumen,

Olan here from FNSValue. Thanks for reaching out.

This is a great question! Here are a few security features we have in place for this scenario:

  1. Onboarding Information - Name and Username (aside from email and phone number) are part of our security measures, and this information is only used for device registration, and not for the authentication process. While some organizations may want specific usernames like employee IDs or account numbers, you can register any string of letters and symbols that are case-sensitive for these two fields. This prevents attackers from registering another person's account on a new device. Just remember them exactly in case you need to register a new device.
  2. Physical Access to the Mobile Device - BSA requires user authentication when the app is opened using the device's security method (such as biometrics or pattern). BSA also employs the same biometrics/pattern security layer prior to successfully authenticating a user. This ensures that no one else, even with physical access to the device, can access it without the user's approval.

I hope this answers your questions!

Olan

31 May 2024, 10:31
Upvotes 2