How does PhoneFactor work?
What’s wrong with passwords?
How secure is PhoneFactor?
Do I need to install anything on my phone?
How long does it take to authenticate?
What happens if I lose my phone?
What happens if I lose cell phone coverage in a certain area?
Does this work everywhere or just in the US?
What if I get a phone call from PhoneFactor when I’m not trying to log in?
How does PhoneFactor work?
PhoneFactor works by placing a confirmation call or sending a text message to your phone during the login process. You simply answer your phone and press # (or enter a PIN) or reply to the text message to confirm the login.
-top-
What’s wrong with passwords?
Passwords are often the weakest link in data security. Users pick terrible passwords and bots and keyloggers harvest passwords by the thousands. Phishing sites trick users into giving passwords away and those stolen passwords are passed around, sold, or posted on the Internet. Users reuse passwords in- and outside of the office network. They’re better than nothing, but most companies need something stronger than passwords.
-top-
PhoneFactor adds a confirmation phone call or SMS text message to your existing authentication architecture. Instead of only having a username and a password, users now receive an automated call or text message to confirm the login. This guarantees that it is the user, and not an imposter, attempting to log into the system.
Two-factor authentication requires both something you know and something you have. In the case of PhoneFactor, the “something you know” is typically the existing username and password, and the “something you have” is the phone. Even if a user’s username and password become known to an attacker, that information is not sufficient to access the account. Likewise, even if an attacker manages to gain possession of a user’s phone, it cannot be used to access the account without also knowing the username and password. For additional protection, the user can be required to provide a PIN (either by entering it into the phone during the call or by sending it in a text message) to further verify that they have possession of the phone.
PhoneFactor’s out-of-band authentication protects against even the most sinister threats, including man-in-the-middle attacks and malware running on users’ systems which defeat security tokens and certificates. In addition, real-time fraud alerts instantly notify you when a user’s credentials have been compromised and an attack is in progress.
-top-
Do I need to install anything on my phone?
No, absolutely nothing needs to be installed on the phone. The phone call can be placed to any landline or mobile phone, including office phone numbers with extensions, and the text method works with any mobile phone that supports text messaging.
Because there are no end-user devices, enrollment and training are a breeze – all you need is the user’s phone number.
-top-
How long does it take to authenticate?
The PhoneFactor authentication takes just seconds to complete. The phone call or sms text message is sent instantly when a user logs into an application or initiates a transaction protected by PhoneFactor. As soon as the user responds (by answering the call and pressing # or a PIN or replying to the text message), the login or transaction is completed.
-top-
What happens if I lose my phone?
PhoneFactor can automatically roll over to a backup phone number if the user does not answer the primary number. The user can authenticate using the backup number until their phone is found or replaced.
Unlike a security token or other device, replacement cell phones are readily available. A user can purchase any cell phone that is compatible with their mobile service provider. Once the phone is activated for the user’s existing phone number, they can begin using the phone to authenticate.
-top-
What happens if I lose cell phone coverage in a certain area?
While the issue of cell coverage seems like it would be a hurdle, according to the FCC 99.3% of Americans live and work in areas with at least one cell carrier. The biggest issue regarding cell phones is not the ability to get a signal, but rather the ability to sustain a signal (dropped calls). PhoneFactor only needs seconds to authenticate a user. In most cases if the user has access to the internet to log into a website or remote application, they are in an area with cell coverage.
Should a user find themselves in an area where no coverage is available, the user can call support from any landline phone to bypass PhoneFactor for a single authentication attempt or change to an alternate phone number. These same options are also available from the PhoneFactor User Portal.
-top-
Does this work everywhere or just in the US?
PhoneFactor works anywhere you can receive a phone call or text message. For many regions across the world, the cost of the phone call or text message is included in the PhoneFactor service. Learn More.
-top-
What if I get an authentication request from PhoneFactor when I’m not trying to log in?
This would only happen if someone else were trying to log into your account, and they already knew your password. PhoneFactor authentication typically occurs after the username and password are verified. So, if this happens, PhoneFactor has just saved your account from illicit access!
PhoneFactor is the only two-factor service that provides users with the ability to instantly report unauthorized account access attempts, which may aid in the forensics effort to track down the perpetrator. In case a user receives an un-requested authentication call, pressing 911# will allow this incident to be reported to technical support instantly.
-top-
