Chicago, Dec. 10, 2012 (GLOBE NEWSWIRE) -- As headlines once again warn that mobile two-factor authentication has been beaten by Eurograbber Zeus variants, Andy Rolfe, chief technology officer at authentication services provider Authentify, scratches his head. "I understand a controversial slant to a story gets the story read, but generalized headline declarations that two-factor authentication has been beaten are not accurate", says Rolfe. "There are many two-factor solutions that are safe and offer strong security, but you have to be sure and adapt only effective protection for newer mobile environments."
Two-factor authentication means simply that the user must provide a second piece of information or credential to complete a logon or transaction process. Banks and ecommerce providers were quick to use customer's mobile devices as a second factor using a very basic--and very vulnerable--practice of texting a one-time password (OTP) to a mobile device, which is then entered to confirm transactions or logins. Unfortunately, this method has proven vulnerable to exploits for some time now and is once again in the headlines.
While it is important to warn bankers by bringing the weakness of text-based OTPs to light, it is a disservice to generalize and imply that all mobile two-factor authentications are insecure. Not all two-factor authentications are created equal.
Authentify wants to assure its clients that its 2CHK two-factor authentication technology offers much stronger protection that is effective against the Eurograbber Zeus variants.
"For instance," explained Rolfe, "Authentify offers a mobile app called 2CHK that features dual encryption and establishes a second communication channel to the financial institution's back office. The user double checks their transaction details via the 2CHK app, and communicates their approval or cancellation back to their institution via this secure second channel. It's a two-factor solution and it hasn't been beaten."
At the recent Gartner Identity and Access Management Summit, Rolfe presented a session in which he detailed how mobility and the greater power of intelligent personal devices, (IPD's) such as smart phones and tablets, with proper consideration can contribute to greater levels of security, not less.
"It's unfortunate that two-factor authentication gets universally labeled as beaten in mobile environments when the proliferation of devices and the increase in their power offers more ability to deploy effective two-factor workflows," said Rolfe.
More information is available at www.authentify.com, and a copy of Mr. Rolfe's presentation can be obtained by contacting Authentify at info@authentify.com.
About Authentify, Inc.
Authentify, Inc. is a leading global provider of telephone-based Out-of-Band (OOB) authentication services. With a client list that includes five of the world's top ten banks, three of the five largest ecommerce websites and two of the top four insurance companies in North America, Authentify has the most experience and expertise in deploying OOB solutions in the industry. These multi-factor authentication (MFA) services enable organizations that need strong security to quickly and cost-effectively add two-factor or multi-factor authentication layers to user logons, transaction verifications or critical changes such as adding an ACH payee, resetting passwords or changing contact information. The company's patented technology employs a service-oriented message architecture and XML API to seamlessly integrate into existing security processes. Authentify markets primarily to financial services firms that need to protect their clients' online accounts, corporate security professionals managing access control, and emerchants who want to limit fraud on their sites.
For more information, visit Authentify at: www.authentify.com.
Authentify is protected by numerous granted and pending U.S. and
International patents including
U.S. PATENT NOS. 6,934,858 / 7,383,572 / 7,461,258 / 7,574,733.