06 Sep Mnemonica Due: Simplicity in Security
Rules and exceptions
Imagine Mnemonica as a fortified citadel. Inside, among the neighborhoods of the Projects, the houses of the Screening Rooms, and the roads of the Delivery Boxes, life flows peacefully. Residents have the quiet knowledge that the designers have left no weak points in the battlements, and no secondary entrances.
Of course, formidable walls pose obstacles to everyone, to the well-intentioned as well as to the malicious. It’s a universal rule: the more security, the more complications. However, knowing that some difficulty serves to protect the city and the treasures it contains makes it easier to accept.
But this is not true for everyone, and not always. How do we know? We’ve learned it from our users along the way. We work a lot with them; it’s the main way we thrive. In fact, the theoretical necessity for maximum security must comply with real-life requirements. In our specific case, digital asset management in the realm of film/tv production, we found these two further “unofficial” demands:
- Unofficial Requirement 1. Some people are absolutely intolerant of hindrances, especially if repeated, whatever good reason there might be.
- Unofficial Requirement 2. Some people are entitled viewers but just passing by, and should be able to have their screenings without too much formality.
So we studied the dilemma more thoroughly, to devise how to make things more difficult for enemies, while at the same time easier for friends. It may sound like a paradox, but we know the best technology is the one that makes itself disappear.
Boosting security
First of all, we simplified the basic registration: the step of verifying a new user’s phone number with a One-Time Password has been removed, so all one needs is an email address and a password. OK, that was easy.
Then we introduced Multi-Factor Authentication (MFA), which is now a standard security measure in internet services, as anyone with a Google or Apple account knows. MFA just means that you must prove your identity in more than one way at each access.
This normally turns out to be a headache for the lay user. But we did things differently, as we always strive to.
Our MFA is not mandatory but rather left to personal choice. The owner of a project may require that only those who have active MFA can access her precious material. The question concerns only a user’s responsibility and the relationships between users; Mnemonica does not impose anything.
MFA is there to allow all Mnemonica users to boost their accounts to a higher level of security. Whoever activates MFA simply adds one or more authentication methods to her account. At each access, she chooses one of these as the second factor to combine with a primary factor, usually the password, to minimize the possibility of unauthorized access.
Of course, the universal rule applies: there is an extra complication in exchange for a superior defense.
Balancing with simplicity
But this is where an awesome assistant comes to the rescue: the Mnemonica mobile app and its fresh superpowers.
By activating at least one method, the mobile app automatically becomes your personal authenticator (besides your chosen methods). Access via the app is smooth and immediate, with no code to remember and enter. If you have a biometric ID on your device, even better: it becomes a trusted device and is always granted transparent authorization.
That’s not all. The app controls all sessions on any device. It opens the doors of the web application, too. Next to the classic web login, we introduced the passwordless login: a QR code the app can scan and recognize through a device’s camera. Just accept the push notification on mobile, and you are in with zero input.
Again, it’s not only about simplicity but also security. With passwordless login you can access Mnemonica safely even from a computer in the world’s least secure network, since there are no credentials for anyone to sniff and steal.
In its new role as a master key, the mobile app reinforces its function as a central component of Mnemonica’s distinctive user experience: a combination of outstanding simplicity and over-the-top security.
Result: Simplicity in Security
As a result, here, in short, is Mnemonica’s original concept of simplicity in security:
- Security as more power: not an awkward burden the system imposes on its users, but rather an instrument in the user’s hands to get more control over her content.
- Security as a loyalty benefit: we discourage fake accounts and side tricks to circumvent defenses, offering the best of the Mnemonica experience to users with real, personal accounts.
- Security as a way to simplicity: using the mobile app as a passport, we are coupling the highest security of MFA and biometric ID with the simplicity of passwordless login and trusted devices.
That’s as far as Unofficial Requirement 1 is concerned. A quick, one-time initial setup, and from then on you enjoy frictionless access with the mobile app.
Easy exits are better than easy entries
But what about Unofficial Requirement 2? What about the casual visitors who show up especially in the marketing and sales phases of the film/tv product lifecycle? They just need to view content occasionally, perhaps content already in circulation. They don’t want to take Mnemonica citizenship.
To deal with such audiences, direct links and so-called “user portals” are widely used. True to our security profession, we have never enabled them because they bypass defenses and are a frequent source of leaks. And we continue not to do so.
Our solution goes in the opposite direction: instead of creating dangerous ways in for strangers, we have paved straight ways out for data.
Specifically, we’ve added two first integrations to publish content directly to third-party external platforms for easy viewing (namely, Vimeo and Box for now). A simple “send to” in a file menu, and quick screenings with laxer security needs can take place outside Mnemonica’s walls and rules. Content managers can handle them as freely as they see fit.
Conclusions
With this just-released set of interwoven innovations, Mnemonica Due reaches a security grade unmatched in the film industry. Despite this unique level of protection, Mnemonica retains and improves its original pleasantness, a UX for which it is renowned among technical professionals as well as among pure viewers.
Simplicity in security is the balance we are pursuing. Although it’s necessary to put security above everything else, by no means should everything else be shrouded by security.