Comparing PhoneFactor to Other SMS Authentication Solutions

Evaluating two-factor authentication solutions requires a look at three critical areas – the security and scalability of the technology, hurdles to user adoption, and the total cost (including internal costs) to deploy and support the system. Below is an analysis of the sms two-factor authentication systems on the market today and PhoneFactor’s authentication solution, which includes support for authentication via an automated voice call, SMS text message, and phone app.

Other SMS Authentication Solutions

With other SMS authentication systems, a One-Time Password (OTP) is sent to the user via a text message to their cell phone. As with a security token, the user must enter the OTP into the login interface to verify the possession of a trusted device. But unlike tokens, SMS authentication systems leverage a device the user already has – their cell phone. There are some 3.5 billion cell phones in the world today, which is a big advantage over tokens and other security devices.

However, one of the biggest disadvantages of most SMS authentication solutions is that they do not protect against emerging threats, such as man-in-the-middle attacks. As the sophistication of attacks continues to increase, Out-of-Band authentication, which utilizes a separate channel for the second factor of authentication, is becoming widely recognized as a best practice for two-factor authentication. Any authentication method that requires a OTP be keyed into the original login interface does not meet the criteria for out-of-band authentication and as such is vulnerable to attack.

PhoneFactor Out-of-Band Authentication

PhoneFactor also leverages the phone for two-factor authentication and provide authentication through an SMS text message, as well as an automated voice call and smartphone app, but with some important differences from other SMS authentication providers. With PhoneFactor, users simply login with their username and password – just like they do today. Instantly an SMS text message with a One-Time Password is sent to the user. The user simply replies to the SMS message with the OTP to authenticate. Because the One-Time Password is both sent and confirmed through an SMS text message, the process is completely out-of-band.

By combining out-of-band authentication with real-time fraud alerts, PhoneFactor offers the strongest level of security on the market today. The PhoneFactor platform relies exclusively on the telephone network for the second factor of authentication which ensures protection against keystroke loggers and man-in-the-middle attacks. PhoneFactor can be used to verify specific high-risk transactions, so even if the user’s authenticated session has been hijacked, their transactions are protected. Not only does PhoneFactor prevent unauthorized logins and transactions, it notifies you instantly if a user’s credentials have been compromised and an attack is in progress. Security tokens are simply not capable of alerting you to an attack.

PhoneFactor requires very little effort to implement and virtually no ongoing support. PhoneFactor offers instant integration with all leading business systems and synchronizes with AD and LDAP Servers for centralized user management. Easy, automated self-service options are available through the phone and web, which helps to significantly minimize overhead. It is easy to use, requiring no end user training.

PhoneFactor’s two-factor authentication service with phone and sms authentication options offers a greater level of security than other SMS authentication providers. And because PhoneFactor allows users to choose the authentication method they prefer (phone call or SMS text message), it enables the ultimate flexibility for your users and a single platform for your IT team to manage. For more information on PhoneFactor’s sms authentication try the PhoneFactor Demo or Download the Free Version.