CertiVox Launches M-Pin Upgrade To Stem The Flow Of Lost Usernames And Password

Upgrade allows users to log into services on a PC using their smartphone, eliminating all security concerns

November 19, 2013

3 Min Read


London, UK – November 14, 2013 – CertiVox, a leading provider of authentication and encryption software and services, today announces a mobile enhancement to M-Pin, allowing users to log into services on a PC using their own smartphone, eliminating security concerns around using different PCs. With over 93 million identities reportedly lost in 2012[1] alone by high profile organisations, M-Pin provides strong multi-factor authentication which is designed to replace the vulnerable username and password login system for digital services.

M-Pin is based on strong elliptic curve cryptography and delivers multi-factor authentication for websites, enterprise and mobile applications, using HTML5 web apps, meaning no browser plug-ins or software is required. The M-Pin platform removes the need for username/password combinations, often the target of choice for hackers, instead giving the end user a four digit PIN to enter for access to content and services. The M-Pin mobile client also alleviates concerns about accessing services from a PC not under a user's control, by allowing login through the users' smartphone.

M-Pin is able to eliminate usernames and passwords as an authentication mechanism entirely, and removes the largest cyber-security threat, the password database. Authentication is performed between the M-Pin Client and the M-Pin Authentication Server using the M-Pin Protocol, a zero knowledge proof construct. The result is that the M-Pin server has just one leakproof cryptographic key, which if compromised or stolen reveals nothing about users in an enterprise or your web application. In addition, M-Pin operates on a principle of distributed trust, whereby the root key generators are split between CertiVox's servers and those belonging to the client, meaning that any attack would have to compromise both of these systems to have any chance of being successful.

Brian Spector, CEO, CertiVox comments, "The response of many companies to the increasing threat to usernames and passwords is to add additional layers of security. However these measures often frustrate users as they diminish the ease of use and experience of some services, and they do not solve the problem. The inherent problems with storing such complete information on one server and the fact that many users tend to use the same password across multiple online accounts also shows that it is time for companies to move beyond username and passwords. M-Pin offers an advanced, easy-to-use and cost effective solution to this problem, eliminating the inherent vulnerability – the username and password database."

Eckhard Freund, Manager Infrastructure Europe at Dematic, a global logistics and materials handling company, made the following comments on their selection of M-Pin: "We chose M-Pin as part of our initiative to bring VPN and network services within our organisation, as we were impressed by the reinforced security that we are afforded by the product. We found M-Pin easy to deploy and work into our redesigned system architecture, and due to the success of the project we are considering extending M-Pin to cover our customer portal."

About CertiVox

CertiVox was founded in 2008 based on one simple belief: that every business, enterprise, organization and individual has the right to secure their information simply and easily. Delivering on that belief has enabled us to build a customer base across many industries – government, legal, financial and cloud orchestration – that also includes some of the biggest names in the world. Organizations such as BAE Systems, Hitachi, Intel, Panasonic, Toyota, PKWARE and Parallels have put their trust in CertiVox to help secure their systems.

CertiVox's proven expertise in both encryption and authentication means we are the only company in the global market today that can arm businesses and individuals with easy-to-use, certificateless security solutions for all things Internet. CertiVox is headquartered in London, UK with offices in Dublin, Ireland and Sofia, Bulgaria.

For more information, visit www.certivox.com

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights