Musings on personal and enterprise technology (of potential interest to professional technoids and others)

Saturday, November 3, 2007

PhoneFactor rings up two-factor authentication

An interesting alternative to the common RSA SecurID key fobs (that generate new keys every 60 seconds for secure remote login):

PhoneFactor rings up two-factor authentication: "...Using the phone as the second part of a two-factor authentication system isn't a novel concept, but it's one that's being implemented more and more as of late. Some banks, such as ASB and Bank Direct in New Zealand, have implemented a phone-based authentication system called Netcode for their Internet banking users in recent years. The phone-based authentication system's low overhead is an attractive way to offer another layer of security on top of what's already available for banking customers. If implemented widely, such a system could provide a much-needed layer of security for banks to combat those that customers are apparently ignoring. PhoneFactor is compatible with all servers that use Remote Authentication Dial In User Service (RADIUS), according to Positive Networks CTO and former Ars Technica contributor Steve Dispensa. This includes Microsoft's IIS servers and Linux servers that support Pluggable Authentication Modules (PAM). The service is being offered for free in single-server form from Positive Networks, with multiserver support, enterprise modules, and Active Directory integration expected within the coming months."

No comments: