Posts Tagged ‘Out-of-Band Verification’

Relax, We Have Out of Band One Time Password Data Breach Protection

The holidays are a time for giving and for relaxing with family and friends. While everyone was preparing for their holiday on December 24th, creatures were stirring and clicking a mouse. During the holiday a data breach of close to a million passwords led to one embarrassed “intelligence” company and 200 gigabytes of personal information exposed. But how could this be? The year of the data breach is coming to an end and still companies do not have a secure password policy. Furthermore, an out-of-band one-time password is fairly easy and inexpensive to implement while offering obvious security benefits.

Becoming more common recently, data breaches like this are all over the media. Companies are learning the hard way that they cannot skimp on security at any point in the chain. After all you are only as strong as your weakest link and the recent Stratfor data breach is a prime example. Although Stratfor had a password policy in place, findings from The Tech Herald said the policies were lacking enforcement.

In this situation the password policy only required a six character long password which contained a numerical digit. Upon cracking over 80 thousand passwords through simple means, The Tech Herald found many passwords which were not even six characters in length. Furthermore users were using commonly used terms, dates and personal references to create passwords.

Strong Password Creation

Strong passwords consist of case-sensitive letters, numbers and symbols. Using all types of characters creates many more combinations for an attacker to search through when cracking a password. Users should not use full words or terms when creating login credentials either, because these allow lists of common words to be loaded into a cracking program like the one used in the Stratfor data breach. Beyond creating a secure credential, users should change their password regularly to prevent it from being compromised.

Obviously support for stronger security must be present along with some sort of software based enforcement. However, infrastructure for this type of password security can be expensive to implement and can create an unpleasant user experience. After all who can remember a password like “B#13iL@9e”?

One-Time Password

Protecting users from themselves is not easy, but a one-time password offers the ability for them to be fairly careless. Some ways of transmitting an OTP are not as secure as others, though. In some cases an OTP will be delivered to the user through email, which may also have been compromised. A very common problem is that people use the same password across all platforms, which means attackers may have access to the user’s email as well.

Out-of-Band One-Time Password

One of the easiest solutions for a more secure authentication process is an out-of-band one-time password. The OTP allows users to be authenticated through their mobile phone and provides an added layer of protection from infected computers. Users benefit from the added protection, gaining the ability to use simple login credentials.

With an OTP in place the weak Stratfor passwords would not have been an issue since the attackers would need to authenticate themselves before accessing the confidential data. Even if they were able to obtain the user’s login credentials and phone number they would not have access to “something you have”, which is your mobile phone. If the attackers had login credentials and an email address, without an out-of-band solution a savvy attacker may be able to gain access.

If your vision of authentication security is not all sugarplums dancing in your head you may not have had your holiday cut short by a data breach.

Securing your future with Out of Band Two Factor Authentication

For decades two-factor authentication has been lurking in the shadows. Most people never even realized they were performing the process of authenticating with two factors to access almost any secure information over the web. As 2012 approaches, however, we are starting to see this technology adopted by many businesses, and more people understand the security behind two-factor authentication and the importance of the technology. This could possibly be because there are so many attacks performed every day on everyone.

It seems as though as time goes on more people and their information are being breached. Some of you may even know of friends or family that have fallen victim to identity theft attacks. Many people have had their emails and passwords to sites compromised and do not even know it. There are also many instances of more advanced security breaches such as credit and banking fraud. As we become more accustomed to these scenarios we also become more educated, and solutions against these types of attacks become more advanced.

Of course remedying the easier attacks comes down to keeping your computer cleaned of malicious software as well as changing your password regularly. However combating the latter involves utilizing security solutions such as two-factor authentication. Although this form of authentication is more secure than using only a single factor there are certain parts of the process that can be more secure based on the solution vendor.

Out-of-band two-factor authentication solutions offer an added layer of security when authenticating. They require the user to receive a one-time password or PIN on a separate network from the one they are trying to access. If a bank account holder were trying to access their online banking account from a different IP address than they usually do, the bank may require this type of authentication by sending a PIN to the client’s mobile phone through SMS text message. This would be considered an out-of-band two-factor authentication.
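The bank scenario above, sketched as an added example that is not code from this site or any vendor: a login from an unfamiliar IP triggers a PIN sent over SMS, and the PIN is single-use, expires, and allows only a few wrong guesses. The class name `StepUpAuth`, the `send_sms` callable, the TTL and the attempt limit are all assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

OTP_TTL = 300      # seconds a PIN stays valid (assumed value)
MAX_ATTEMPTS = 3   # wrong guesses allowed per PIN (assumed value)

class StepUpAuth:
    """Hypothetical server-side logic; send_sms stands in for a real SMS gateway."""
    def __init__(self, send_sms, clock=time.time):
        self.send_sms = send_sms   # callable(phone, text): the out-of-band channel
        self.clock = clock
        self.known_ips = {}        # user -> IPs that already passed a PIN check
        self.pending = {}          # user -> [salt, digest, expires_at, attempts_left]

    def login(self, user, phone, ip):
        """Call after the password check succeeds. Returns 'ok' or 'otp_required'."""
        if ip in self.known_ips.get(user, set()):
            return "ok"
        pin = f"{secrets.randbelow(10**6):06d}"   # 6 digits from a CSPRNG
        salt = secrets.token_bytes(16)
        digest = hashlib.sha256(salt + pin.encode()).digest()
        self.pending[user] = [salt, digest, self.clock() + OTP_TTL, MAX_ATTEMPTS]
        self.send_sms(phone, f"Your one-time PIN is {pin}")   # never shown in the browser
        return "otp_required"

    def verify(self, user, ip, submitted):
        """A PIN is accepted once, before it expires, within the attempt limit."""
        entry = self.pending.get(user)
        if entry is None:
            return False
        salt, digest, expires_at, _ = entry
        if self.clock() > expires_at:
            del self.pending[user]
            return False
        candidate = hashlib.sha256(salt + submitted.encode()).digest()
        if hmac.compare_digest(candidate, digest):
            del self.pending[user]                       # single use
            self.known_ips.setdefault(user, set()).add(ip)
            return True
        entry[3] -= 1
        if entry[3] <= 0:
            del self.pending[user]                       # too many wrong guesses
        return False

if __name__ == "__main__":
    outbox = []                                          # constructed stand-in for a phone
    auth = StepUpAuth(lambda phone, text: outbox.append(text))
    print(auth.login("alice", "+15550100", "203.0.113.7"))   # unfamiliar IP
    print(auth.verify("alice", "203.0.113.7", outbox[-1].split()[-1]))
    print(auth.login("alice", "+15550100", "203.0.113.7"))
```

The attempt limit matters because a six-digit PIN has only a million possible values; without it, the second factor can simply be guessed.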

During out-of-band authentication, though, there is still a chance for attackers to steal information. Zero footprint authentication allows for a safe and secure experience while authenticating through an out-of-band device. Zero footprint security refers to the information that is left behind on the device used to relay the one-time password. During the authentication process the client receives their OTP, but all traces of the process are hidden with no data left behind.

We will start to see changes to the most basic of two-factor authentications such as an ATM card and pin code. The future of computerized banking authentication will probably rely on an out-of-band solution since attackers are becoming so savvy to security. Scanners that can be placed within an ATM can easily steal your ATM card information as well as capture your pin code making this older two-factor authentication process less secure.

The future of two-factor authentication is promising as it can be applied to many security applications. With more secure forms of authenticating being implemented, it is becoming much safer to prevent fraudulent identity attacks. Even though we can never truly be 100% safe from identity theft and fraudulent activity we can become more secure making it harder for hackers to siphon information and steal personal records.

Welcome to Out-of-Band Verification

Welcome to the new out-of-band verification website, which provides information about out-of-band authentication. It is usually used in two-factor authentication; you can find out more by reading our out-of-band authorization summary.

Check back soon because we plan to update our new website with plenty of information about verification and security over the internet or any network.