With the release of our VerIDial product we are entering the market for two-factor authentication mechanisms. This isn’t a new market, and there are a number of existing products that provide the same basic functionality using various methods. The ones most people will be familiar with are the key fobs provided by most UK banks for online access, such as Barclays’ PinSentry or HSBC’s Secure Key. These devices enhance the simple security given by a password by adding a second factor. The principle behind multi-factor security is quite simple: each distinct method counts as a separate factor.
- Something you know (e.g. a password)
- Something you have (e.g. a token or mobile phone)
- Something you are (e.g. biometrics: a fingerprint, DNA or retina scan)
So, a password alone is a single-factor authentication mechanism, while a password plus a token is a two-factor authentication mechanism. However, two different passwords still only count as a single factor, since they both use the same method (something you know).
Since biometric-based systems require a physical presence and tend to be a lot more expensive and less reliable, most two-factor solutions use a password plus a PIN. Dedicated PIN generators such as those used by Barclays or HSBC are becoming less popular due to the need to buy and distribute a physical token. Most providers are switching to a system that generates PINs using your mobile phone or sends them from a central system via a text message.
For website owners, VerIDial provides a second factor by utilising your customers’ telephone line (something they have) to read out a PIN to be used alongside your existing password-based system. Unlike mobile-based systems that install an app or send a text message, VerIDial does not require a mobile phone and works perfectly with landlines. Indeed, landlines offer significant advantages over mobiles for combating fraud: unlike mobiles, they are not disposable, are linked to a physical address and are more difficult to obtain using false details.
With the recent break-in at Twitter only one of many, it’s clear that the need for additional security, both to prevent fraudulent signups and to reduce the impact of stolen passwords, is ever growing. In the future, single-factor authentication will be a sign of a poorly managed service, and two-factor authentication will become the norm to protect personal data.
Barclays’ PinSentry – http://news.bbc.co.uk/1/hi/business/6564645.stm, accessed on 23/05/2013
HSBC Secure Token – http://www.newsroom.hsbc.co.uk/press/release/hsbc_reveals_new_security_devi, accessed on 23/05/2013
SecurEnvoy SecurAccess (SMS solution) – http://www.securenvoy.com/products/securaccess/overview.shtm, accessed on 23/05/2013
VerIDial – http://www.veridial.co.uk, accessed on 23/05/2013
Twitter Break-in – http://www.guardian.co.uk/technology/2013/may/22/twitter-two-factor-authentication, accessed on 23/05/2013