City of Roseville, California Adopts PhoneFactor to Provide Two-Factor Authentication for VPN Access

New Tokenless, Two-Factor Authentication Service Makes Any Phone an Authentication Device, Eliminating Additional Hardware Costs While Simplifying Security

March 4, 2008 – The city of Roseville, California has standardized on PhoneFactor for providing two-factor authentication in order to access the city’s mission-critical data and applications. The Sacramento Valley city has 1,200 employees and sought new technology to reduce costs while providing strong security for accessing applications remotely.

PhoneFactor is a phone-based authentication service that can use any cellular phone (or traditional phone as the only requirement is to be able to receive a traditional telephone call) as the second authentication factor. It eliminates the need for tokens, smart cards or certificates, and the expensive hardware and complicated implementations associated with those alternatives.

Small and mid-sized cities have been targets of hackers due to tight municipal budgets and limited IT staff. PhoneFactor’s low cost and high security make it an ideal solution for securing authorized access to a city’s VPN or other critical applications.

“The challenge with software or hardware tokens is logistics; inventory and distribution, especially to vendor support staff that could be located anywhere,” said David Applebaum, telecommunications manager, City of Roseville. “With PhoneFactor, we’ve eliminated the need to buy and manage tokens, and our employees use their own phones to access the city’s VPN. PhoneFactor solves our multi-factor authentication challenge with simplicity and value while proving significantly stronger security for the city’s VPN.”

PhoneFactor is a web-based service that can be set up in minutes for enterprises seeking a secure means of authenticating end-users. No changes are required to user interfaces and no software needs to be downloaded to the phone. It seamlessly integrates with Microsoft Domain and RADIUS as primary authentication technology, and users can easily be set up through a simple active directory import, or on an individual basis. Positive Networks can also provide 24×7 end-user and IT administrator support.

Everything can be included to roll out a complete authentication service including plug-ins for VPN appliances, Citrix Access, Outlook Web Access, web applications and most other standard applications. In addition, PhoneFactor offers key security features not available from other two factor authentication systems like Live Fraud Alert and Anti-phishing. PhoneFactor is the only two-factor authentication that allows for instant attack detection and proactive notification of the end-user in an attack occurs. The end-user has the ability to instantly notify the appropriate personnel with the touch of a button on the phone.

“PhoneFactor makes two-factor authentication simple and inexpensive,” said Evan Conway, Chief Privacy Advocate for Positive Networks. “It removes the barriers to implementing strong authentication for public sector organizations that previously may have felt that alternatives were too cumbersome for both end-users and IT professionals.”