
Comparing PhoneFactor to Security Tokens

Evaluating two-factor authentication solutions requires a look at three critical areas – the security and scalability of the technology, hurdles to user adoption, and the total cost (including internal costs) to deploy and support the system. Below is an analysis of token-based authentication systems and PhoneFactor’s phone-based authentication solution.

Security Tokens

One of the more common two-factor systems is based on authentication tokens that generate a pseudo-random sequence of digits referred to as a One-Time Password (OTP). The most popular of these systems is the RSA SecurID™ system. While these systems provide an additional level of security over legacy one-factor authentication systems, they bring with them several disadvantages.

Tokens and other similar devices do not protect against emerging threats, such as man-in-the-middle attacks. As the sophistication of attacks continues to increase, out-of-band authentication, which uses a separate channel for the second factor of authentication, is becoming widely recognized as a best practice for two-factor authentication. Any device, such as a security token, security fob, USB token or even a soft token, that requires an OTP to be keyed into the original login interface does not meet the criteria for out-of-band authentication and as such is vulnerable to attack.

User adoption is one of the biggest obstacles to widespread deployment of security tokens. Users are resistant to carrying an extra device, and as more companies implement two-factor authentication, users could be required to carry multiple security tokens – one for their online bank account, one for their trading account, and one for their corporate VPN. Security tokens are easy to lose or break, creating a frustrating experience for users and placing a large burden on your IT department.

Because token-based systems require users to change their behavior substantially, significant training is needed. Users sometimes have a hard time remembering the order in which the PIN and the token digits are entered, and training users to “wait for the bars” is difficult. Some systems even require administrators to modify applications before they will work, invoking all of the change control difficulties associated with non-standard vendor software.

Since security tokens must be provisioned, mailed, inventoried and replaced, they require significant IT resources to deploy and support. Security tokens are lost at a rate of up to 10% each year, expiring tokens must be re-provisioned every 2-5 years, and tokens can get out of sync, meaning the OTP that is generated is not the same one the login application is expecting. The resulting costs to an IT department can become a material part of the total cost of ownership for a token solution.
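The out-of-sync condition described above can be reproduced with the open RFC 6238 TOTP algorithm, used here as a stand-in because SecurID's own algorithm is proprietary and not shown on this page. This is an added example, not code from PhoneFactor or RSA; the 30-second step, the window sizes, the secret and the `TokenRecord` class are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per code (RFC 6238 default; an assumption here)
DIGITS = 6

def totp(secret: bytes, unix_time: int, step_offset: int = 0) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing unix_time."""
    counter = unix_time // STEP + step_offset
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    pos = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[pos:pos + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)

class TokenRecord:
    """Hypothetical server-side state: shared secret plus learned clock drift."""
    def __init__(self, secret: bytes):
        self.secret = secret
        self.drift = 0                         # token clock offset, in steps

    def verify(self, code: str, now: int, window: int = 1) -> bool:
        """Normal login: accept only codes within +/- window steps."""
        for delta in range(-window, window + 1):
            expected = totp(self.secret, now, self.drift + delta)
            if hmac.compare_digest(expected, code):
                self.drift += delta            # follow slow drift
                return True
        return False

    def resync(self, code1: str, code2: str, now: int, search: int = 20) -> bool:
        """Resync: two consecutive codes must match inside a wider window.
        code1 is taken to be the code the token displayed at server time now."""
        for delta in range(-search, search + 1):
            first = totp(self.secret, now, delta)
            second = totp(self.secret, now, delta + 1)
            if hmac.compare_digest(first, code1) and hmac.compare_digest(second, code2):
                self.drift = delta
                return True
        return False

def demo() -> tuple:
    secret = b"constructed-demo-secret"        # constructed sample value
    server_now = 1_700_000_000
    token_clock = server_now + 5 * STEP        # token runs 5 steps fast
    rec = TokenRecord(secret)
    before = rec.verify(totp(secret, token_clock), server_now)
    pair = totp(secret, token_clock), totp(secret, token_clock + STEP)
    synced = rec.resync(pair[0], pair[1], server_now)
    after = rec.verify(totp(secret, token_clock + 2 * STEP), server_now + 2 * STEP)
    return before, synced, after               # rejected, resynced, accepted
```

Requiring two consecutive codes during resync keeps the wider search window from turning into a larger guessing surface for a single code.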

Technology
  • Two-factor, typically across a single channel
  • Off-the-shelf software integrates with a wide range of applications
  • Optional user enrollment and management tools available
User Adoption
  • Users do not like carrying an extra device
  • Security tokens are easy to lose or break with no readily accessible alternative
Cost
  • Significant upfront authentication hardware/software investment plus cost for initial and replacement devices
  • High internal deployment and ongoing support costs

PhoneFactor

PhoneFactor generally does not suffer from any of the previously mentioned challenges. PhoneFactor combines the high degree of security that you need to protect your company from today’s attacks with a solution that’s easy to set up, maintain, and use. By leveraging something every user (employee, partner, and customer) already has, their phone, PhoneFactor works everywhere for everyone. With PhoneFactor, users simply log in with their username and password – just like they do today. Instantly the user’s phone rings. They answer and press # (or enter a PIN) to complete their login.

By combining out-of-band authentication with real-time fraud alerts, PhoneFactor offers the strongest level of two-factor security on the market today. The PhoneFactor platform relies exclusively on the telephone network for the second factor of authentication, which ensures protection against keystroke loggers and man-in-the-middle attacks. PhoneFactor can be used to verify specific high-risk transactions, so even if the user’s authenticated session has been hijacked, their transactions are protected. Not only does PhoneFactor prevent unauthorized logins and transactions, it notifies you instantly if a user’s credentials have been compromised and an attack is in progress. No other two-factor solution is capable of providing this level of real-time threat detection.

PhoneFactor requires no changes to the user interface and no extra devices for users to carry and keep track of, so little end user training is required. The phone is an inherently user-friendly device and is accessible for users with disabilities. The same phone number can be used to authenticate to any application, eliminating the need for multiple devices, and it works anywhere in the world.

Because there are no security tokens or other devices to deploy or manage and no software or certificates for end users to install, PhoneFactor requires very little effort to implement and virtually no ongoing support. PhoneFactor offers instant integration with all leading business systems and synchronizes with AD and LDAP Servers for centralized user management. Easy, automated self-service options are available through the phone and web, which helps to significantly minimize overhead.

Technology
  • Out-of-band authentication with live fraud alerts
  • Instant integration with leading enterprise systems
  • Web plug-ins integrate with existing websites and online transaction processes
  • User enrollment and self-service tools keep overhead low
User Adoption
  • Extremely easy – users simply answer their phone and press #
  • Works with any phone, anywhere
  • No changes to the user login experience
  • No security tokens or extra devices to keep track of
  • No software downloads or text messages to cell phones
Cost
  • Low annual fee per user or per auth
  • No hardware to purchase or install
  • No security tokens or devices to manage
  • Users replace their own lost or damaged phones

PhoneFactor’s phone-based two-factor authentication service offers a greater level of security and a better user experience than security tokens, like RSA SecurID, security fobs, and other authentication tokens. It is also significantly less expensive to deploy and maintain. For more information, try the PhoneFactor Demo or download the Free Version.