Protecting data and preventing ID theft are major concerns in this digital age. As we access and upload personal and sensitive data on a more regular basis, making sure that these environments are secure is a major factor for users and businesses-alike. Despite its simplicity, SMS-based two-factor authentication (2FA) has become one of the answers to this problem, with bespoke financial solutions, Google, Facebook and Twitter all adopting this method to secure their services and data.
Traditional security schemes used to rely on using a username and password to authenticate and give permission to a user to access corporate networks, Software-as-a-Service (SaaS) and cloud applications. However, in this ever increasing security-conscious environment, especially in the financial services sector, where confidentiality and information integrity are paramount to satisfy FSA regulations, users are commonly using a secure VPN connection as well as ‘two factor’ authentication.
The second factor relies on the user possessing a piece of hardware, which used to be a key fob token, to generate a second layer of security. However, due to the proliferation of mobile devices, key fob tokens are becoming obsolete and mobile phones are becoming the preferred device of choice, resulting in a large reduction in costs.
Sending Secure Passwords
Once a user initiates the login process, whether this is an employee wanting to access the company network or a customer logging in to online banking, a One Time Password (OTP), also known as an SMS Token, can easily be sent to their mobile phone via SMS through the SMS service provider’s gateway. This can either be in real-time or pre-sent, including multiple OTPs to cut costs, depending on the user’s requirements.
This methodology can also be adopted to enable customers to reset their own passwords if required, thus freeing up often overburdened helpdesk teams that would normally have to assist with the change and also identify the user. This technology is usually OAuth-compliant and links to the user account in Active Directory.
SMS 2FA Integration
Many bespoke security software companies offer this service within their portfolio. M:Science works closely with many of these companies, either providing the SMS gateway or by helping to develop bespoke solutions and fully integrating SMS 2FA within a specific product.
M:Science’s Web Service is embedded in SecurEnvoy’s two-factor authentication products, SecurAccess and SecurPassword, to provide a secure gateway connection to deliver OTPs and passcodes to end users. These products are in turn used by a number of leading financial and government institutions. As well as providing an SMS service to SafeNet, M:Science also worked closely with the security provider to integrate SMS 2FA into one of its clients’ software solutions.