What Is Out-of-Band Verification?
Out-of-band authentication is the process of identifying a user through a network separate from the one they are using to access confidential information. This is usually the case during highly secure two-factor authentication, when a user is logging into a system to access data. The user logs in with traditional credentials such as a username and password (the first factor) and is then asked to enter a PIN (the second factor), which is sent to a device on a separate network. A mobile phone is the most common device for receiving out-of-band information, sent by SMS text message.
What Makes Out-of-Band Verification More Secure?
Imagine you are trying to keep your important information safe from malicious attacks, so you put a two-factor authentication solution in place. Now when anyone logs in to access the information, they are asked to enter a PIN to verify their identity. However, your solution vendor does not offer out-of-band authentication; instead, they send an email containing the PIN to the user’s account. The emailed PIN can be accessed from the same computer that is being used to log in to the confidential data.
If an attacker has keylogging software installed on the user’s computer, or some other application that lets them receive data from that computer, they will be able to intercept the PIN very easily. Out-of-band solutions send the user’s PIN to a network that is separate from the log-in gateway to protect against piggy-backing techniques used to steal information. Instead of having to hack one computer, the attacker would also have to gain access to the secondary device’s network, which would be very difficult.
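The flow described above, as an added Python example (not code from the original page): the server issues a PIN after the password check and refuses to deliver it over a channel that the login computer can also read. The channel names, the `SAME_BAND` table, the `send` hook and the policy constants are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

PIN_TTL = 300        # seconds a PIN stays valid (assumed policy)
MAX_ATTEMPTS = 3     # wrong guesses allowed before the PIN is discarded (assumed)
# Delivery channels readable from the same computer as the login session.
# Email is listed under "web" because the page treats an emailed PIN as in-band.
SAME_BAND = {"web": {"web", "email"}}

class OutOfBandVerifier:
    def __init__(self, send, clock=time.time):
        self._send = send        # callable(destination, text): hypothetical SMS gateway hook
        self._clock = clock
        self._pending = {}       # user -> [salt, digest, expires_at, attempts_left]

    def start(self, user, login_channel, pin_channel, destination):
        """Issue a PIN once the first factor has passed; refuse in-band delivery."""
        if pin_channel in SAME_BAND.get(login_channel, {login_channel}):
            raise ValueError(f"{pin_channel} shares a band with {login_channel}")
        pin = f"{secrets.randbelow(10**6):06d}"      # 6 digits from the OS CSPRNG
        salt = secrets.token_bytes(16)
        digest = hashlib.sha256(salt + pin.encode()).digest()  # PIN not kept in plaintext
        self._pending[user] = [salt, digest, self._clock() + PIN_TTL, MAX_ATTEMPTS]
        self._send(destination, f"Your login PIN is {pin}")

    def verify(self, user, candidate):
        """Check the PIN typed into the login page: single use, limited guesses."""
        entry = self._pending.get(user)
        if entry is None:
            return False
        salt, digest, expires_at, _ = entry
        if self._clock() > expires_at:
            del self._pending[user]                  # expired PINs are discarded
            return False
        entry[3] -= 1
        guess = hashlib.sha256(salt + candidate.encode()).digest()
        ok = hmac.compare_digest(digest, guess)      # constant-time comparison
        if ok or entry[3] == 0:
            del self._pending[user]                  # used up, or too many failures
        return ok
```

Call `start()` only after the username and password have been accepted, and pass `verify()` the PIN the user reads from the phone and types into the login page.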