User authentication and security improvements for a large B2C platform

Overview

Industry: Telecom

Location: Poland

Technology Used: JSON Web Token, Microservices, OpenShift, Reactor

Client background

One of the leading telecommunications operators in Poland and part of a Western-European telecom consortium, this client needed seamless user authentication and security improvements for its self-care platform.

Project overview

The project involved implementing advanced authentication features within the self-care platform to strengthen security. The primary objective was to mitigate the risk of unauthorized access to the platform’s accounts by overhauling the existing authentication system. The initiative also sought to improve the user experience by adopting passwordless registration and login methods. The new authentication framework used public-key cryptography and FIDO2, a leading standard for authentication on mobile devices that supports biometric authentication. This enabled customers to authenticate with a fingerprint, facial recognition, or a PIN code. The solution was underpinned by OAuth 2.0 and JWT (JSON Web Tokens) authentication mechanisms to ensure robust security. The implementation also integrated with the client’s existing frameworks, including Spring, Spring Boot, Micronaut, and Redis, which facilitated a smooth transition and compatibility with the existing infrastructure.

Results

Enhanced security: mitigating the risk of unauthorized access

Biometric login: providing account management without the need to create and remember complex passwords

Improved scalability: supporting scalable implementations using cloud and microservices technologies without compromising security
