The Tech Herald

Profile: PhoneFactor – a free twist to two-factor authentication

by Steve Ragan - Nov 2 2009, 20:33

PhoneFactor – a free twist to two-factor authentication

Recently, we talked to a company that covers security from a different perspective. They offer a service that enables two-factor authentication with a device that almost everyone on the planet has, a cellular phone. While others can offer this service as well, this company starts with a free offering, and then as a business grows, they can pay to add more coverage.

PhoneFactor is a two-factor authentication security provider based in Overland Park, Kansas. The main point behind PhoneFactor is that people tend to lose the tokens and other items associated with two-factor authentication solutions. At the same time, almost everyone has a cellular phone.

The process for using PhoneFactor’s service is simple. A user starts by entering their username and password on a given site. Once they start to login, they will get a call on their phone and need only to press #, or enter a pre-defined PIN, to confirm their identity. Once the identity is confirmed, thanks to the PhoneFactor agent working in the background, the process is complete and the user is fully authenticated.

The PhoneFactor agent will allow integration into VPN services, RADIUS, Outlook Web Access, Citrix, SSO systems, as well as LogMeIn. However, they also offer an SDK for developers to tie the service into almost any application. The SDK is available for ASP.NET (VB and C#), Java, Ruby, Perl, and PHP.

To use the service, all one needs to do is register. Businesses with 25 seats or less will not be charged for usage. (This is limited to 30 calling zones listed here. Any business outside those zones can register and get a $5.00 USD credit added to their account for a trial period.)

PhoneFactor is interesting to us for two reasons. The first is the ability to add two-factor authentication to any given application without the need to re-code things from scratch. This is where the SDK and agent sing. The other interesting aspect is that they essentially give the service away to SMBs.

A company who needs this level of authentication security would spend thousands on a solution, a level of funding that isn’t always available. Granted, the free version is limited on some areas, but the basics are covered, and for some organizations this will help.

So why then, would a business care about or invest in this? In a recent PhoneFactor survey, 72-percent of the 250 IT professionals surveyed said that usernames and passwords were not enough to protect access to corporate data. While the survey could appear biased, the fact that IT professionals understand usernames and passwords alone are not enough is the takeaway point.

Security needs layers to work. Two-factor authentication is just one of the many layers available to businesses. Using a phone over a USB token or other two-factor device just seems like a simple way to hook into this layer of protection. There are compliance issues, PCI-DSS 8.3 comes to mind here, but security for the sake of compliance alone often never works.

There is the Malware angle of security as well. One of the things PhoneFactor talks about is how this level of protection will stop Malware aimed at financial transactions for any given business. To back this claim, they mention the SilentBanker Trojan, first seen in 2007 as a direct attack on online banking, and Clampi, which infected close to half a million computers earlier this year.

“This particular Trojan is targeting businesses, not consumer banking, in hopes of gaining accesses to higher balance accounts. And it circumvents security tokens and one-time-password technologies designed to protect online banking users. The best method of protection against these threats is out-of-band authentication, which verifies a user’s identity through a separate channel,” a PhoneFactor statement on Clampi explains.

For small business with one or two applications that could use the boost in security, the free offering is worth a look. If you need more than two, test the free service and then reach out to PhoneFactor for a quote. The actual cost will depend on the number of seats.

In the end, when we heard about PhoneFactor, we figured what they offered was worth sharing. If you are a current customer, or have tried their service, leave us a comment and let others know what you think.

 

Around the Web

Comment on this Story

comments powered by Disqus
Security
Index
News
 
Features
Reviews

From Autosaur.com

World’s first flat-pack truck the OX could help Africa

A flat-pack truck which can be put together by anyone in just half a day has been invented to help people living in remote places in Africa and other parts of the developing world. The OX is shipped in pieces but can be assembled with just three people in 11.5hours — and they need no [...]

The post World’s first flat-pack truck the OX could help Africa appeared first on Autosaur.

Nissan 370Z Nismo to rock the Gumball 3000 rally

The Nissan 370Z Nismo will be one of the cars in the 2013 Gumball 3000 rally where  â€” as the guys from TV show Jackass put it — “filthy stinking rich” people drive super-expensive cars 3,000 miles through 13 countries across Europe. The car, above, will be driven by a team from publishing and production [...]

The post Nissan 370Z Nismo to rock the Gumball 3000 rally appeared first on Autosaur.

#MyTurnToJag and Playboy: How Jaguar targets men

Jaguar has launched a new Twitter campaign called #MyTurnToJag to advertise its new F-Type â€” as well as teaming up with men’s magazine PLAYBOY. The #MyTurnToJag competition gives members of the public the chance to drive one of their new sports cars. And it comes after the firm helped announce Raquel Pomplun, left, as Playboy’s Playmate of [...]

The post #MyTurnToJag and Playboy: How Jaguar targets men appeared first on Autosaur.