Free Download     |     Resource Center    |     Customer Login
1.877.No.Token (1.877.668.6536)
Live Chat
PhoneFactor Blog

What’s wrong with passwords?

Posted  May 26, 2007 By Steve

It’s been a super busy week again at Positive Networks, as we prepare to enter our next round of beta testing in the coming weeks. I’ve finally managed to get the PhoneFactor Blog up and running, although it’s not yet in its final form. But, be that as it may, I thought I might take a second to answer one of the more common questions I hear.

If you haven’t researched two-factor authenticaiton before, you may be wondering what’s wrong with simple username/password authentication. As it turns out, the answer is, A lot.

Passwords are often the weakest link in data security. Users pick terrible passwords. Bots and keyloggers harvest passwords by the thousands. Phishing sites trick users into giving passwords away. Passwords can be passed around, sold, or posted on the Internet. Users reuse passwords in- and outside of the office network. They’re better than nothing, but most companies need something stronger than passwords.

That’s where PhoneFactor comes in: during login, a user gets an automatic confirmation call right to his phone. If he wants to approve the login, he simply presses # and hangs up.

If, on the other hand, someone has stolen his username and password, or is simply guessing at passwords, then the user can hit * instead to deny the login. This can even be configured to notify security administrators instantly, which may help track down the attacker.

Two-factor authentication is already in use in some high-security environments, such as banks, hospitals, and certain government agencies. But, the high cost of most two-factor solutions has kept the technology out of the mainstream.

PhoneFactor is going to change all that. From the day it’s released, PhoneFactor will be free for the majority of customers and users. There will be no per-user or per-authentication fees, and Positive Networks is even going to pick up the phone bill. We’ll also make some advanced, enterprise-grade deployment and management tools available, for organizations with advanced needs.

So, in summary, what’s wrong with passwords? The short answer is that they just aren’t secure enough for many businesses in today’s world. With PhoneFactor, we hope we finally have a solution for everyone that’s easy, economical, and most importantly, secure.

For more information, head over to www.phonefactor.net, or feel free to drop a question in the comments.

-Steve

Share This
  • Twitthis
  • Facebook
  • E-mail this story to a friend!
  • Digg
  • Technorati
  • del.icio.us
  • StumbleUpon
  • Slashdot

Leave a Reply

   Legal  |  Sitemap  |  Support  |  Contact               

PhoneFactor, Inc provides secure two-factor authentication services to leading companies worldwide. PhoneFactor's multifactor out-of-band authentication software is a cost effective, user friendly alternative to security tokens, fobs, certificates, and other 2 factor authentication methods.
Secure User Authentication: SSL VPN Authentication | Citrix Authentication | Web Authentication | Terminal Services Authentication | Tivoli Authentication | Online Banking Authentication
Two-Factor Authentication for Regulatory Compliance: Payment Card Industry Data Security Standards (PCI DSS) Compliance | FFIEC Compliance | HIPAA Compliance | NIST 800-63
Compare Phone Authentication to: Security Tokens | SMS Authentication | Biometric Authentication | Soft Tokens | Smart Cards | Certificates