Two-Factor Authentication Security
2012 and 2013 were busy years for cybercriminals. Security breaches occurred among numerous high-profile organizations, including LinkedIn, eHarmony, Adobe and IEEE, releasing user passwords and other personal information into the hands of hackers with malicious intent. Breaches like these not only compromise the privacy and security of users and corporations—they can seriously damage reputations and brands.
The increasing mobility of sensitive data—both personal and corporate—is a major security challenge to enterprises today.
Despite the high-profile breaches and the constant threat of cybercrime, the flow of information across the Internet continues to increase. Users embrace their mobile devices for all kinds of transactions and liberally download apps. And at the same time businesses look to BYOD for the productivity benefits it offers.
Whether the data at risk is personal information or corporate IP, cybercriminals will profit from accessing it. Enterprises know that their IT organizations and employees must be diligent and systematic about protecting the network infrastructure.
To address the increasing risk, enterprises should look at how they authenticate users. Outside the financial industry, most enterprises still rely heavily on single-factor authentication (such as username/password). Curiously, one recent study showed that technology companies rank much lower than financial and retail enterprises in implementing state-of-the-art security solutions. Too many companies still rely on usernames and passwords as the only gate to accessing sensitive data or to initiating a secure workflow, such as benefits enrollment, account activations, and payroll management.
Solution: Add security, retain convenience
Even while users are concerned about data privacy and security, and demand it for their personal information, they still want the convenience of quick and easy access. As the digital age advances, any enterprise that interacts with its audience—whether employees or customers—must look for ways to conduct those interactions securely.
Verifying user identity is one sure step toward that goal, and two-factor authentication is the solution.
What is the “factor” in authentication?
Authenticating identity can utilize three different factors:
- Knowledge —Something known only to the user, such as username and password
- Possession ― Something only the user possesses, such as a physical card, a mobile phone, or a security token
- Inherence ― A characteristic unique to the user, such as a fingerprint or other biometric trait
Using any two of these factors constitutes two-factor authentication (2FA). This type of authentication is not a new concept. Many financial institutions already utilize it for a variety of transactions, including account creation and access, bill pay, and funds transfer. And recently, leading global companies like Google, MSN, Dropbox, Yahoo and Evernote have adopted 2FA as their user verification method.
How does OpenMarket’s 2FA work?
Our 2FA solution leverages the knowledge and possession factors, and provides the latter as a PIN delivered to the user’s mobile phone via SMS. With the PIN conveniently in hand, the user can connect to the system or network via a more secure method.
Implementing 2FA is easy and you can deploy it globally. It’s popular with end users because it does not require any new or special hardware or software, and also doesn’t require the user to divulge biometric information such as a finger print or iris scan.
Two-factor authentication delivers benefits beyond added security. Because you’re using a platform that’s both scalable and extensible, you can start by implementing 2FA for one business process, and then extend it to integrate with other systems and workflows.
Benefits of two-factor authentication:
- Increased security of business-critical systems and data
- Increased ability to comply with regulatory requirements
- Reduced exposure to fraud claims
- Improved user loyalty and trust
- Greater sense of confidence and peace of mind
Benefits of OpenMarket’s solution:
- Flexible, scalable, extensible platform
- Support for multiple use cases such as network/system alerts, reminders, and surveys
- Configurable settings for PIN creation and management
Find out how the OpenMarket Mobile Engagement Platform can improve security verification