
How does PhoneFactor work?
What’s wrong with passwords?
How secure is PhoneFactor?
Do I need to install anything on my phone?
How long does it take to authenticate?
What happens if I lose my phone?
What happens if I lose cell phone coverage in a certain area?
Does this work everywhere or just in the US?
What if I get a phone call from PhoneFactor when I’m not trying to log in?
How does PhoneFactor work?
PhoneFactor works by placing a confirmation call, sending a text message, or pushing a notification to your phone during the login process. You simply respond to the authentication request from PhoneFactor to confirm the login.
What’s wrong with passwords?
Passwords are often the weakest link in data security. Users pick terrible passwords, and bots and keyloggers harvest passwords by the thousands. Phishing sites trick users into giving passwords away, and those stolen passwords are passed around, sold, or posted on the Internet. Users reuse passwords inside and outside of the office network. Passwords are better than nothing, but most companies need something stronger.
How secure is PhoneFactor?
PhoneFactor adds a critical second layer of security to your existing authentication architecture. Instead of only supplying a username and a password, users must also confirm possession of a trusted device – their phone – to log in. This guarantees that it is the user, and not an imposter, attempting to log into the system.
Two-factor authentication requires both something you know and something you have. In the case of PhoneFactor, the “something you know” is typically the existing username and password, and the “something you have” is the phone. Even if a user’s username and password become known to an attacker, that information is not sufficient to access the account. Likewise, even if an attacker manages to gain possession of a user’s phone, it cannot be used to access the account without also knowing the username and password. For additional protection, the user can be required to provide a secret PIN (similar to an ATM PIN) to further verify their identity.
PhoneFactor’s out-of-band authentication protects against even the most sinister threats, including man-in-the-middle attacks and malware running on users’ systems which defeat security tokens and certificates. In addition, real-time fraud alerts instantly notify you when a user’s credentials have been compromised and an attack is in progress.
Do I need to install anything on my phone?
Users who authenticate via a phone call or text message do not have to install anything on their phone. The PhoneFactor call can be placed to any landline or mobile phone, including office phone numbers with extensions, and the text method works with any mobile phone that supports text messaging. Because there are no end-user devices, enrollment and training are a breeze – all you need is the user’s phone number.
Smartphone users who prefer to authenticate using the PhoneFactor phone app simply download the app from the App Store and activate it using a code that is generated by PhoneFactor during the automated enrollment process.
How long does it take to authenticate?
The PhoneFactor authentication takes just seconds to complete. The authentication request is sent instantly when a user logs into an application or initiates a transaction protected by PhoneFactor. As soon as the user responds (by answering the call and pressing # or a PIN, replying to the text message, or tapping Authenticate in the phone app), the login or transaction is completed.
What happens if I lose my phone?
PhoneFactor can automatically roll over to a backup phone number if the user does not answer the primary number. The user can authenticate using the backup number until their phone is found or replaced. Unlike a security token or other device, replacement cell phones are readily available. A user can purchase any cell phone that is compatible with their mobile service provider. Once the phone is activated for the user’s existing phone number, they can begin using the phone to authenticate.
What happens if I lose cell phone coverage in a certain area?
PhoneFactor can automatically roll over to a backup phone number if the user does not answer the primary number. While the issue of cell coverage seems like it would be a hurdle, according to the FCC, 99.3% of Americans live and work in areas with at least one cell carrier. The biggest issue regarding cell phones is not the ability to get a signal, but rather the ability to sustain a signal (dropped calls). PhoneFactor only needs seconds to authenticate a user. In most cases, if the user has access to the internet to log into a website or remote application, they are in an area with cell coverage. In addition, the phone app works when the phone is using the cellular data network or a Wi-Fi connection.
Should a user find themselves in an area where no coverage or Wi-Fi is available, the user can call support from any landline phone to bypass PhoneFactor for a single authentication attempt or change to an alternate phone number. These same options are also available from the PhoneFactor User Portal.
Does this work everywhere or just in the US?
PhoneFactor works anywhere you can receive a phone call, text message, or data access. For many regions across the world, the cost of the phone call or text message is included in the PhoneFactor service. There is no additional cost for international phone app authentications.
What if I get an authentication request from PhoneFactor when I’m not trying to log in?
This would only happen if someone else was trying to log into your account, and they already knew your password. PhoneFactor authentication typically occurs after the username and password are verified. So, if this happens, PhoneFactor has just saved your account from illicit access!
PhoneFactor is the only two-factor service that provides users with the ability to instantly report unauthorized account access attempts, which may aid in the forensics effort to track down the perpetrator. If a user receives an unrequested authentication call, pressing 911# will allow this incident to be reported to technical support instantly.
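The flow this FAQ describes (password check first, then a confirmation call that rolls over to a backup number, an optional PIN, and the 911# fraud report) can be modeled as below. This is an added illustration, not PhoneFactor's code or API; `User`, `classify`, `second_factor` and the `place_call` callback are hypothetical names, and any phone numbers used with it are constructed.

```python
# Added illustration of the FAQ's login flow; not PhoneFactor's API.
import hmac
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class User:
    name: str
    phones: list                 # primary number first, then backups
    pin: Optional[str] = None    # optional PIN entered before '#'
    locked: bool = False
    alerts: list = field(default_factory=list)

def classify(user, keys):
    """Map keypad input from the confirmation call to an outcome."""
    if keys is None:
        return "no_answer"
    if keys == "911#":           # user reports a call they did not request
        return "fraud"
    expected = (user.pin or "") + "#"
    return "approve" if hmac.compare_digest(keys, expected) else "deny"

def second_factor(user, password_ok, place_call):
    """place_call(number) returns the keys pressed, or None if unanswered
    (hypothetical callback standing in for the telephony side)."""
    if not password_ok or user.locked:
        return "denied"          # no call is placed for a failed password
    for number in user.phones:   # roll over to the backup on no answer
        outcome = classify(user, place_call(number))
        if outcome == "no_answer":
            continue
        if outcome == "fraud":
            # An unrequested call means someone else already knows the
            # password: lock the account and raise an alert.
            user.locked = True
            user.alerts.append(
                f"fraud report via {number}: reset password for {user.name}")
            return "denied"
        return "granted" if outcome == "approve" else "denied"
    return "denied"              # nobody answered: fail closed
```
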