Wednesday, July 13, 2011

Two-Factor Authentication for Password Resets

In order to increase security of websites, applications and networks, many organizations are increasingly turning to two-factor authentication. Recently I tried to log into my online banking from a new laptop. The website returned a message that it did not recognize the computer and I would need a PIN to log in. The PIN could be delivered via email or SMS to my mobile phone. Further, the PIN could only be delivered to an email or cell number the bank already had on record – no ability to enter new information.

Tools4ever has recently made enhancements to our Self Service Reset Password Manager (SSRPM) software to take full advantage of two-factor authentication through several delivery methods. The first enhancement, released earlier this year, delivered a PIN to an email account. The email address had to be entered previously by the end user, to ensure no spoofing can occur. Once a user initiates the “Forgot My Password” wizard and completes the challenge questions, they are prompted for the PIN to complete the password reset.

The most recent version of SSRPM, released on June 24th, takes two-factor authentication to the next level and provides the ability to deliver an SMS message containing the PIN. The cell phone number needs to be entered during enrollment by the end user, once again to prevent spoofing when a reset is actually performed. In a similar fashion to the email functionality, once an end user initiates the reset wizard and completes the challenge questions successfully, they are prompted to enter the PIN delivered to their cell via SMS.
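The reset flow described in the two paragraphs above (email and SMS delivery) can be modelled as follows. This is an added sketch, not Tools4ever's code: the class and method names, the six-digit single-use PIN, and the in-memory `outbox` standing in for the mail/SMS gateway are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

class ResetService:
    """Hypothetical model: challenge questions first, then a PIN sent out of band."""

    def __init__(self):
        self.enrolled = {}  # user -> {"answers": {...}, "contact": (channel, address)}
        self.pending = {}   # user -> SHA-256 digest of the outstanding PIN
        self.outbox = []    # constructed stand-in for the email/SMS gateway

    def enroll(self, user, answers, channel, address):
        # The delivery address is fixed here, at enrollment, before any reset happens.
        if channel not in ("email", "sms"):
            raise ValueError("unsupported channel")
        self.enrolled[user] = {"answers": dict(answers), "contact": (channel, address)}

    def start_reset(self, user, answers, requested_address=None):
        record = self.enrolled.get(user)
        if record is None or not self._answers_ok(record["answers"], answers):
            return False
        channel, address = record["contact"]
        # An address supplied during the reset is never trusted: only the enrolled one is used.
        if requested_address is not None and requested_address != address:
            return False
        pin = f"{secrets.randbelow(10**6):06d}"  # assumption: six-digit PIN from a CSPRNG
        self.pending[user] = hashlib.sha256(pin.encode()).digest()
        self.outbox.append((channel, address, pin))
        return True

    def complete_reset(self, user, pin):
        # Assumption: the PIN is single use, so one guess (right or wrong) consumes it.
        expected = self.pending.pop(user, None)
        if expected is None:
            return False
        return hmac.compare_digest(expected, hashlib.sha256(pin.encode()).digest())

    @staticmethod
    def _answers_ok(stored, given):
        if stored.keys() != given.keys():
            return False
        ok = True
        for question, answer in stored.items():
            ok &= hmac.compare_digest(answer.strip().lower().encode(),
                                      given[question].strip().lower().encode())
        return ok
```

The check in `start_reset` is the anti-spoofing property the post relies on: someone who can answer the challenge questions still cannot redirect the PIN to a mailbox or phone they control.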

To learn more about two-factor authentication, this Wiki article has excellent information. To learn more about Tools4ever and SSRPM, please visit our website.