2CHK out-of-band mobile or PC service for two-factor authentication replaces weak password security

August 16, 2012

4 Min Read

PRESS RELEASE

CHICAGO, August 15, 2012 – IT and Internet industry experts are increasingly calling for two-factor authentication to replace weak password security as each passing week brings more high profile data breach incidents:

Ø Dropbox is adding two-factor authentication, after a stolen password was used to access an employee’s Dropbox account containing a document with users’ email addresses

Ø The head of Google’s Webspam team Matt Cutts is recommending Google users turn on Google’s two-factor authentication

Ø Wired reporter Mat Honan, in his excellent blog analyzing his own victimization in an “epic hack,” admits that had he used two-factor authentication with Gmail he might have interrupted the chain of events the hackers used

Ø LinkedIn’s June data breach reportedly made some 6.5 million passwords public on a Russian hacker site, and the company now faces a $5 million-plus lawsuit

Authentify wants to reassure its current and potential clients that its new 2CHK app and out-of-band (OOB) authentication service provides an effective, convenient and inexpensive solution for any company seeking to protect its online clients using two-factor authentication.

Here’s how it works. The end user activates a small, convenient app on their smartphone or PC and links it securely to their company login account or identity directory using voice or SMS-based OOB authentication. Once this is done, the 2CHK app is “always on” and maintains a secure channel to Authentify’s authentication service.

The first key benefit is security. 2CHK complements IT or online and mobile banking security by providing a completely separate app and OOB channel that protects against stolen passwords and, due to layers of encryption, cannot be defeated by man-in-the-middle and man-in-the-browser attacks.

The second key benefit is convenience. Customers see transactions in the 2CHK app and can confirm or reject them easily. This contrasts with traditional OOB implementations that send a one-time password (OTP) number using a phone call or text message, which the customer then re-enters separately in the login window, or online or mobile bank app.

Another important advantage is this gets consumers more directly involved in monitoring their own accounts using their own mobile devices. This imperative was underscored in the banking industry by a recent survey showing that 82 percent of the time, customers report fraud to the bank before the bank hasdetected it.

“The threats to online environments and digital property have evolved dramatically in the last few years,” according to Andy Rolfe, the chief technology officer at Authentify. “End users and the defenses on which they rely to evolve as well – or they fail. It’s a progression as old as time.”

“Out-of-band authentication can save your digital assets, so to speak,” added John Zurawski, vice president at Chicago-based Authentify. “Both NIST and the FDIC have cited the strength of our type of phone-based out-of-band authentication for protecting government and financial accounts. As more of our lives become virtual, more is at risk. Many folks lock up their important papers and valuables in the real world. Stronger protection in our cyber world simply makes sense.”

Authentify introduced telephone-based OOB authentication to the market and today has the most industry experience and expertise in deploying solutions and providing services. A proven and effective countermeasure recommended by federal authorities, regulators and leading consulting firms, OOB authentication is used by banks and ecommerce providers to protect against man-in-the-browser attacks designed to steal login credentials or hijack online sessions. The capability to add OOB safeguards within multiple layer security models fulfills industry best practices as recommended by the FFIEC, Gartner Research, Inc., the FBI, the U.S. Secret Service and NACHA. Authentify recently participated in proposals submitted to the U.S. government’s National Trusted Identities in Cyberspace initiative hosted by the National Institute of Standards (NIST).

About Authentify, Inc.

Authentify, Inc. is a leading global provider of telephone-based Out-of-Band (OOB) authentication services. With a client list that includes five of the world's top ten banks, three of the five largest ecommerce websites and two of the top four insurance companies in North America, Authentify has the most experience and expertise in deploying OOB solutions in the industry. These multi-factor authentication (MFA) services enable organizations that need strong security to quickly and cost-effectively add two-factor or multi-factor authentication layers to user logons, transaction verifications or critical changes such as adding an ACH payee, resetting passwords or changing contact information. The company's patented technology employs a service-oriented message architecture and XML API to seamlessly integrate into existing security processes. Authentify markets primarily to financial services firms that need to protect their clients' online accounts, corporate security professionals managing access control, and emerchants who want to limit fraud on their sites.

For more information, visit Authentify at: www.authentify.com.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights