Mobile authentication uses mobile devices as software tokens for multi-factor authentication in place of other authentication methods such as hard tokens, smart tokens or smart chip cards. Two-factor authentication (T-FA or 2FA) is a system wherein two different factors are used in conjunction to authenticate security date. Using two factors as opposed to one factor delivers a higher level of authentication assurance.
Mobile Authentication Token Convenience
The key advantage of mobile authentication is that there are no new devices or wallet-fillers for customers – just an add-on to the device they already carry everywhere. Since customers already own the “hardware” (the mobile phone), SolidPass can be provided and managed at a fraction of the true cost of a hardware token solution. Thanks to its flexible framework, the application can also be updated to guard against new security threats.
SolidPass supports the following mobile authentication methods:
- Event-based One-Time Password (OTP)
- Time-based One-Time Password (OTP)
- PIN control mandatory/optional
- Security Question
- Transaction Data Signing (TDS)
- Mutual Authentication
SolidPass strong authentication works on a number of mobile platforms. The mobile platforms supported include:
- Android Mobile Authentication Token
- Blackberry Mobile Authentication Token
- Brew Mobile Authentication Token
- iPhone Mobile Authentication Token
- Java ME Mobile Authentication Token (J2ME)
- Linux Mobile Mobile Authentication Token
- Palm Mobile Authentication Token
- Symbian Mobile Authentication Token
- Windows Mobile Authentication Token
SolidPass mobile authentication can be used to prevent the following:
- Phishing Attacks
- Pharming Attacks
- Man-In-The-Middle Attacks
- DNS Cache Poisoning Attacks
- Trojans Attacks
- Man-In-The-Phone Attacks
- Browser Poisoning Attacks
Mobile Authentication Token Embedded
SolidPass is a mobile authentication token built such that it can be used as a standalone product or embedded in mobile applications such as mobile banking. Thus strong authentication can be built into standalone applications.
Regulatory requirements are pressuring organizations to adopt stronger authentication methods and to secure access to data systems and applications. Static username/password identity management no longer provide enough security to authenticate users accurately. This has led to adopting two-factor authentication systems. Legislation from the Sarbanes-Oxley Act (SOX), guidelines from the Federal Financial Institutions Examination Council (FFIEC), and recommendations from the Health Insurance Portability and Accountability Act (HIPAA) all require that organizations use stronger forms of authentication to mitigate data theft, prevent fraud, protect customer information and patient privacy. SolidPass helps organizations and enterprises comply with regulatory regimes that cover authorization rules and auditing protocols.
In addition to non-compliance, organizations that continue to use static username/passwords face numerous problems ranging from brute force attacks, dictionary attacks, guessing and social engineering.
For the banking industry, 2FA is quickly becoming a mandatory offering for online and mobile banking.
- FFIEC Guidance on 2FA
- PCI Data Security Standards
- FACTA Identity Theft Red Flags
OATH Compliant Tokens
As a member of the Initiative for Open Authentication, SolidPass mobile authentication tokens are built OATH compliant. SolidPass uses the standards-based HOTP algorithm endorsed by OATH, providing compatibility with third-party software.
Hardware tokens have a limited life span. After their obsolescence, they have to be discarded and new ones have to be issued. By contrast, mobile tokens are a virtual product using existing hardware, thus minimizing negative externalities.