Those who come in through the back door often have something to hide – and this also applies to the IT scene. For example, data spies can use back doors in token-based authentication solutions to steal information about companies. The company SecurEnvoy will be explaining how businesses can protect themselves from such prying eyes on stand H10 at Infosecurity Europe (29 April to 1 May, London). In a keynote entitled “Revolutionising 2FA to enhance the user experience”, Andrew Kemshall and Phil Underwood will look at the two-factor authentication solutions available on the market. They will also discuss security aspects relating to seed records, which are specific algorithms used to create passcodes for user identification.
The keynote will be given by Andy Kemshall, co-founder of SecurEnvoy, and Phil Underwood, Global Head of Pre and Post Sales, on all three days of the fair, between 11.20 am and 11.45 am in the SecurEnvoy-sponsored Technical Theatre. First, the speakers will give an overview of the types of two-factor authentication solutions currently available on the market and their login options. Special attention will be devoted to user experience (UX) and ease of use. When considering the issue of security, the lecture will focus on seed records in particular. These are specific algorithms that are used to create passcodes. Some vendors save copies of these seeds. The problem in this respect is that, depending on the legislation, government authorities and agencies may be able to request to see these copies without requiring the authorisation of the company concerned. The authorities can then reproduce the seeds and track the respective company login procedures without being noticed.
Split seed records increase security
To prevent this happening, SecurEnvoy splits seed records into two parts. In their lecture, Kemshall and Underwood will explain the exact procedure and confirm that no seed records are stored at SecurEnvoy; all seed records are generated locally by the client. The patented tokenless two-factor authentication solution developed by SecurEnvoy makes use of mobile devices rather than dedicated tokens. This permits flexible delivery options regarding the passcode required for user identification purposes. Users can receive such passcodes via SMS, email or landline call, or generate them in a soft token app. The recently released Server Version 7.2 also includes the “One Swipe” option as a new feature. For this, the user needs neither an Internet connection nor mobile phone reception nor a landline connection. To enable authentication, the user generates a one-time-valid QR-code in a soft token app for smartphones, and subsequently photographs (scans) this with the webcam on a laptop or similar. This allows the user to unambiguously prove his or her identity.
Further information about soft tokens is available at http://www.securenvoy.com/two-factor-authentication/soft-tokens-explained.shtm.