Comparing PhoneFactor to Soft Tokens

Evaluating two-factor authentication solutions requires a look at three critical areas – the security and scalability of the technology, hurdles to user adoption, and the total cost (including internal costs) to deploy and support the system. Below is an analysis of soft token authentication systems and PhoneFactor’s phone authentication solution.

Soft Tokens

Like a hardware security token, soft tokens rely on a One Time Password as the second factor of authentication. A piece of software is installed on the end user’s desktop computer, laptop, PDA, or mobile phone, which generates a OTP. Software tokens do not require a physical device be deployed to users, so hard costs are less than hardware security tokens, but supporting installation and use of the soft token application on the end user’s device can result in significant internal support costs. If the software is installed on a user’s PC, they must have access to the PC in order to retrieve the OTP. This might not be the case is a user was logging in from a kiosk, mobile phone or other device. Soft tokens are exposed to threats such as computer viruses and software attacks, and are not out-of-band.

Technology	Two-factor, typically across a single channel Integrates with a wide range of applications
User Adoption	User must install a software on their PC or mobile phone Access to the device where the software is installed is required
Cost	Implementation costs, then relatively low per user cost Software setup and configuration High internal deployment and ongoing support costs

PhoneFactor Phone Authentication

PhoneFactor’s phone-based two-factor authentication service offers a greater level of security and a better user experience than soft tokens. And, it’s significantly less expensive to deploy and maintain. For more information try the PhoneFactor Demo or Download the Free Version.