Two-factor Authentication on your Mobile Phone

Try-it-live in the demo lab
The SMS PASSCODE demo lab enables you to quickly try the solution on your own mobile phone. To try it live, click here to register in 3 simple steps:
• Create a unique account with the users own mobile phone in less than 2 minutes
• Conduct a complete two-factor authentication login using the user mobile phone

Two-factor Authentication describes any authentication mechanism that requires two components to identify and authenticate a user. The two components of two-factor authentication are simply:

1) Something you know in the shape of user name and password
2) Something you have in the shape of a mobile phone

Traditional security schemes used username and password pairs to authenticate a user. This method produces a minimum level of security, since usernames and passwords are easily guessed or intercepted. In two-factor authentication, the password still furnish the “something you know” component where as the “something you have” component, usually is provided by a hardware device, such as a token or a mobile device that has a software token or a SMS token. SMS PASSCODE® replaces the hardware, software and even pre-issued SMS based token devices with a real-time, challenge- and session specific two-factor authentication using your cell phones SMS Text messaging system. This enables a a new generation solution that is fast to deploy and more secure.

To illustrate this, first you need to look at the old technologies. One of these devices is the token-device. It is a little piece of hardware that displays a one-time code, which is in sync with the system, that it provides access for. When the user enters this code the system will recognize the possession of that unique token and pair this with username and password to authenticate the user. The code is either a valid-till-used code or a code that changes every minute or so. Sometimes, these tokens are seen as software tokens or softtokens that are installed on mobile phones requiring extensive support of new operating systems and user errors. Even for the SMS tokens that are based on this pre-calculated method has a time window or a “valid until used” window opening it up for phishing from advanced threats on the internet.

Other older technologies leveraging two-factor authentication can also be implemented in the form of a certificate. A certificate is a digital key. Usually stored on a users hard drive as a “something you have” component that allows access when correctly paired with a username and password. The downside to this solution is that certificates just like passwords are easily stolen or intercepted. Due to this limitation, most two-factor authentication systems today, draw on token-devices. However, imagine the difficulties these hardware-tokens represent in the near future, where two factor is used for both employee logins, online banking systems or public services, online shops and web based services at large. Management, deployment and the need for a user to carry a batch of tokens makes this approach impractical.

SMS PASSCODE® offers a world leading technology to deal with these shortcomings by reducing the need to a single, network connected device – the users mobile phone. The solution enables a session specific log-in process that validates the specific user ID and password against a session specific one-time code sent to the users mobile phone. In other words, when a user logs into a system, SMS PASSCODE© checks if User ID and Password match, then sends a passcode to the users mobile phone, verified against the log-in session and if cleared, passes through the user. Tokens and other solutions that do not deploy this deep level of challenge/session and message based security used in SMS PASSCODE®; are easy targets for today’s identity hackers.

Try-it-live in the demo lab
The SMS PASSCODE demo lab enables you to quickly try the solution on your own mobile phone. To try it live, click here to register in 3 simple steps:
• Create a unique account with the users own mobile phone in less than 2 minutes
• Conduct a complete two-factor authentication login using the user mobile phone

More secure login process: The SMS PASSCODE solution is unique in the sense that the SMS real time service enables that the solution can incorporate a more secure login process prompting the user to first pass a user name and password challenge before a code that is valid only for that login attempt is generated real-time and send via SMS to the users phone. This protects against the modern threats like the Zeus malware that can compromise traditional tokens. There are other SMS based solutions but we are not aware of others that deploy this challenge based login that uses a session-specific code for increased security.

• Plug-and-play installation: The solution plugs directly into all the leading login systems including VPN systems, Web systems like Microsoft and Citrix as well as VMware’s Windows Deskop systems.

• Fault tolerant and scalable: It is designed from the ground up as loosely coupled components that can be distributed making it both fault tolerant and infinitely scalable. Components can be added and removed on the fly for 24/7 operation and redundancy is across all components including multiple SMS transmission services for carrier redundancy or global scale

• TCO is half that of a token solution: Over a 4 year period, the total cost of ownership is typically 40-50% of a legacy token solution as you do not need to distribute physical hardware nor repurchase tokens after a period of time.

SMS PASSCODE has garnered international recognition for its product merits including being named to the prestigious Red Herring Global 100 most interesting privately held companies, a Secure Computing Magazine’s Top 5 Innovator and a Citrix Ready Solution of the Year finalist to name a few.

Try-it-live in the demo lab
The SMS PASSCODE demo lab enables you to quickly try the solution on your own mobile phone. To try it live, click here to register in 3 simple steps:
• Create a unique account with the users own mobile phone in less than 2 minutes
• Conduct a complete two-factor authentication login using the user mobile phone