Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

11/18/2013
07:26 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

CertiVox Launches M-Pin Upgrade To Stem The Flow Of Lost Usernames And Password

Upgrade allows users to log into services on a PC using their smartphone, eliminating all security concerns

London, UK – November 14, 2013 – CertiVox, a leading provider of authentication and encryption software and services, today announces a mobile enhancement to M-Pin, allowing users to log into services on a PC using their own smartphone, eliminating security concerns around using different PCs. With over 93 million identities reportedly lost in 2012[1] alone by high profile organisations, M-Pin provides strong multi-factor authentication which is designed to replace the vulnerable username and password login system for digital services.

M-Pin is based on strong elliptic curve cryptography and delivers multi-factor authentication for websites, enterprise and mobile applications, using HTML5 web apps, meaning no browser plug-ins or software is required. The M-Pin platform removes the need for username/password combinations, often the target of choice for hackers, instead giving the end user a four digit PIN to enter for access to content and services. The M-Pin mobile client also alleviates concerns about accessing services from a PC not under a user's control, by allowing login through the users' smartphone.

M-Pin is able to eliminate usernames and passwords as an authentication mechanism entirely, and removes the largest cyber-security threat, the password database. Authentication is performed between the M-Pin Client and the M-Pin Authentication Server using the M-Pin Protocol, a zero knowledge proof construct. The result is that the M-Pin server has just one leakproof cryptographic key, which if compromised or stolen reveals nothing about users in an enterprise or your web application. In addition, M-Pin operates on a principle of distributed trust, whereby the root key generators are split between CertiVox's servers and those belonging to the client, meaning that any attack would have to compromise both of these systems to have any chance of being successful.

Brian Spector, CEO, CertiVox comments, "The response of many companies to the increasing threat to usernames and passwords is to add additional layers of security. However these measures often frustrate users as they diminish the ease of use and experience of some services, and they do not solve the problem. The inherent problems with storing such complete information on one server and the fact that many users tend to use the same password across multiple online accounts also shows that it is time for companies to move beyond username and passwords. M-Pin offers an advanced, easy-to-use and cost effective solution to this problem, eliminating the inherent vulnerability – the username and password database."

Eckhard Freund, Manager Infrastructure Europe at Dematic, a global logistics and materials handling company, made the following comments on their selection of M-Pin: "We chose M-Pin as part of our initiative to bring VPN and network services within our organisation, as we were impressed by the reinforced security that we are afforded by the product. We found M-Pin easy to deploy and work into our redesigned system architecture, and due to the success of the project we are considering extending M-Pin to cover our customer portal."

About CertiVox

CertiVox was founded in 2008 based on one simple belief: that every business, enterprise, organization and individual has the right to secure their information simply and easily. Delivering on that belief has enabled us to build a customer base across many industries – government, legal, financial and cloud orchestration – that also includes some of the biggest names in the world. Organizations such as BAE Systems, Hitachi, Intel, Panasonic, Toyota, PKWARE and Parallels have put their trust in CertiVox to help secure their systems.

CertiVox's proven expertise in both encryption and authentication means we are the only company in the global market today that can arm businesses and individuals with easy-to-use, certificateless security solutions for all things Internet. CertiVox is headquartered in London, UK with offices in Dublin, Ireland and Sofia, Bulgaria.

For more information, visit www.certivox.com

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27218
PUBLISHED: 2020-11-28
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is ...
CVE-2020-29367
PUBLISHED: 2020-11-27
blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data.
CVE-2020-26245
PUBLISHED: 2020-11-27
npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or sani...
CVE-2017-15682
PUBLISHED: 2020-11-27
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel.
CVE-2017-15683
PUBLISHED: 2020-11-27
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.