According to the International Telecommunication Union (ITU), there are now as many mobile phones as people in the world: about seven billion. Such devices have affected our communication behaviour and accessibility significantly over the past decades. It all started with text messaging, which was soon followed by video calling, and now we have web-based instant messengers and countless other apps. And mobile phones and smartphones can be enormously helpful with regard to security in companies, authorities and organisations, as they enable tokenless two-factor authentication. More details about this are provided in a free white paper published by the authentication expert SecurEnvoy, which is available here for download.
Employees who want to access an internal network must usually first prove their identity. They generally do this by entering a username and a password. SecurEnvoy adds a further layer of security to this process by requesting the entry of a passcode in addition to the user details. The required passcode is sent to users in a tokenless procedure; in other words, users do not need an additional, dedicated token such as a USB stick, but instead make use of their mobile devices, i.e. mobile phones, smartphones, tablets or laptops. Users receive the numeric passcode via SMS, email or in a soft token app. The passcode is then entered on the login page together with the personal user access details, thus providing unequivocal confirmation of the user’s identity. The required passcode can also be provided via a landline call or via a QR code.
The free white paper also explains how SecurEnvoy solutions make it impossible to distribute a user identity across multiple devices and how the use of split seed records protects against hacking and spyware. The functionality of the SecurAccess two-factor authentication solution is demonstrated in a video on the SecurEnvoy YouTube channel.