Hacking has become big business for criminals and is now the fastest growing crime type in the world.
In more than 80% of all network breaches the hackers simply log in as a regular user and have undetected access to systems and data. With SMS PASSCODE from Entrust Datacard you are effectively taking the hackers' preferred weapon away.
"Weak or stolen user credentials are the hackers' preferred weapon and are exploited in more than 80% of all network breaches."
Source: 2017 Verizon Data Breach Investigations Report.
Multi-factor authentication adds trust to the login process by using multiple factors to validate the identity of the user at the point of login. SMS PASSCODE authenticates users by sending a real-time, session-specific OTP (One-Time Passcode) to the user’s mobile phone via SMS, app, voice-call, or email. Once the OTP has been validated, the user is granted access. It’s that simple!
Entrust Datacard’s SMS PASSCODE has an advantage over traditional two-factor authentication solutions, which, as the term suggests, are simply based on two factors: something you know (username and password) and something you have (a one-time passcode). The SMS PASSCODE solution looks at multiple factors surrounding each particular login. These factors include session ID, network IP and geo-location, number of successful logins, type of system being accessed, time of login, and device being used. All of these factors add context that helps determine the level of trust and whether the user should be authenticated or blocked.
SMS PASSCODE is adaptive, real-time, challenge-based and session-specific, and takes advantage of contextual information when validating the user, thereby protecting against identity theft and modern Internet threats.
Unlike solutions relying on pre-issued passcodes, SMS PASSCODE only generates a passcode once a challenge has been fulfilled, i.e. once the username and password have been validated.
All passcodes are generated in real-time at the point of login. No pre-issued passcodes. No seed files to be hacked.
All passcodes are locked to the session-ID of each particular login attempt for maximum security. This reduces the attack surface from being accessible from any device to a single device.
The OTP validity period and delivery method adapt based on the context of the user.
Increase security by blocking access from high risk locations or regions.
Users receive information about the GEO-IP location of their login to help identify possible man-in-the-middle attacks.
SMS PASSCODE includes advanced brute-force and denial-of-service attack detection and protection.
Our passcodes are cryptographically strong, randomly generated OTPs produced using FIPS-140 validated crypto modules, and all communication between components is AES 256-bit encrypted. Our platform itself is fully authenticoded and obfuscated.
"Because we have multiple login systems and many different login scenarios to support, it is a relief that we can solve all our user authentication needs with the new platform and be compliant to the strict regulations set forth by the law makers."
SMS PASSCODE leverages the one thing users always carry with them – their mobile phone. The solution is intelligent, intuitive and so convenient that end users will happily maintain compliance. Here are some of the components that enable a superior user experience with SMS PASSCODE:
Easily set up highly sophisticated failover mechanisms to ensure that the OTPs always arrive. The solution can even adapt between delivery methods based on the login context of the user, e.g. the location.
For even greater user convenience, the solution can be configured to dynamically change the level of authentication needed based on, for example, where the users are located when logging in, what time they are logging in, what network they are logging in from, and how many successful logins have been made from a particular location. For example, if the user is logging in from a trusted location such as the comfort of their home (where they have logged in from before), then they will not be prompted for an OTP in order to authenticate. On the other hand, if they are attempting to log in while traveling, e.g. from an airport lounge or a hotel with public Wi-Fi, then an OTP would be mandatory to gain access.
SMS PASSCODE provides unique status feedback that enables the user to follow the login progress. Status feedback inspires user confidence and reduces the number of helpdesk calls.
Make innovative use of letter combinations to provide users with easy-to-read passcodes, helping support the smooth intuitive login process of SMS PASSCODE.
SMS PASSCODE is very easy to install, deploy and administer. SMS PASSCODE offers flexible policy-driven administration, and protects multiple platforms on a global scale. The solution integrates seamlessly with both remote access systems and cloud applications.
Simple user provisioning
SMS PASSCODE allows for one-click integration to Microsoft Active Directory (AD), but also supports any LDAP store without schema changes or extensions. Add new users on the fly as your business grows.
Embrace flexibility as circumstances change
Circumstances change and you need a platform that you can rely on as your business requirements evolve. Through SMS PASSCODE’s advanced policy engine you have maximum flexibility to easily tailor the solution to your security needs while maintaining convenience for the users. This unique engine enables a secure, flexible, and convenient user authentication process that you can depend on anywhere and anytime.
Monitor system usage, spot trends in login patterns, and see high-risk locations and potential attacks in real-time.
SMS PASSCODE supports a broad set of login systems for remote access. The platform is designed to integrate seamlessly into VPN/SSL VPN Clients, cloud applications, websites, and remote access solutions like Cisco, Citrix, Microsoft, VMware, F5, Juniper, Barracuda, Watchguard, etc.
Here are two typical multi-factor authentication use case examples:
Organization A has 5,000 employees across multiple office locations around the world. The workforce is highly mobile and typically accesses corporate networks and applications remotely through Citrix NetScaler and Cisco ASA VPNs. Access to webmail (OWA) and the company’s CRM (Salesforce) is also secured by SMS PASSCODE. Organization A takes advantage of the advanced capabilities of the platform to adapt the level of authentication needed based on the level of trust surrounding each login, and adds GEO-fencing to block logins from high-risk countries.
Organization B has 500 employees. Remote access is done through Microsoft Remote Desktop which is protected with Multi-Factor Authentication. Organization B also operates an Extranet where employees and external consultants can exchange information. They use SMS PASSCODE to keep their data safe and easily manage, add or remove users on the fly.
Regardless of whether you want to protect cloud apps or a remote access system, we give you all the integrations and scalability you need.
SMS PASSCODE can be deployed as an on-premise solution or as a hosted solution through one of our managed service providers. Each option has its advantages. Please contact us to find a solution that is best for you. You can also take us for a test drive with a free trial.
Entrust Datacard's SMS PASSCODE solution is notoriously easy to install and configure, and most customers are up and running within a few hours.
Businesses of all sizes are being targeted by hackers and keeping data safe is no longer just a concern for large corporations. At Entrust Datacard we believe in providing affordable multi-factor authentication technology to any business, regardless of size.
Regardless of whether you are replacing a current user authentication solution or implementing user authentication for the very first time, you will benefit from a cost-effective solution that ensures your employees can easily and safely access corporate networks and applications remotely.
The IT industry is riddled with buzzwords, and user authentication is no different. The industry evolves so fast that it can be difficult to keep up. To make your research easier we have compiled a list of words and abbreviations that you are likely to encounter:
Keyfobs = Hardware tokens
Old school form of user authentication developed in the 80s to protect against basic threats like keyloggers. HINT: This is bad, because the passcodes are all pre-issued from a seed file. Your users will hate having to carry something extra, your IT team will hate the management, distribution and cost of the tokens, and most importantly they are vulnerable to even basic phishing attacks.
Soft tokens = Software tokens
An evolution of the hardware token, but where the passcodes are delivered to a mobile device.
HINT: This is bad, because although more convenient, the soft tokens such as Google Authenticator or Microsoft Authenticator are based on the same use of pre-issued passcodes.
OTP = One-time passcodes
Passcodes used by users in combination with their password at the point of login.
HINT: This is good since the passcode can only be used once.
tOTP = Time based one-time passcodes
A term typically used by hardware authentication providers where codes are valid for a certain period.
HINT: This is bad, because unless tied to the session ID the codes can be used on any given device together with the right password.
hOTP = Event-based one-time passcodes
These passcodes are typically used by hardware authentication providers where the codes are triggered by an event, e.g. the push of a button on the token.
HINT: This is bad, and does not provide your organization with the right level of security to safeguard against modern threats.
OOB = Out-of-band
This is when two separate networks are used simultaneously to authenticate the user.
HINT: This is good, and most multi-factor authentication solutions today are OOB.
A method of authentication where an OTP is sent to the user via SMS. There are many forms of SMS-based authentication. SMS PASSCODE uses real-time SMS-based authentication where the code is challenge-based and session-specific. Other vendors typically send pre-issued passcodes as SMS which is less secure. Vendors that struggle to deliver the OTPs in a timely fashion will typically use a form of SMS-based authentication where the OTPs are delivered in advance of the login, which negatively affects the user experience.
HINT: Insist on modern SMS-based authentication that is real-time, challenge-based and session-specific, and make sure there are automatic failover options in place like voice-call, app or email to ensure that users can always rely on the OTPs arriving.
Challenge-based authentication means the passcode is not generated until the user’s credentials have been validated.
HINT: This is good, and enables you to generate OTPs in real-time, which raises security significantly.
If your authentication solution offers session-based/session-specific protection, then each OTP generated is tied to the individual login session ID, meaning it is ONLY valid for that particular login.
HINT: This is good, and helps secure access against more advanced cyber attacks.
Also referred to as contextual intelligence, this is the context around each login that helps determine the level of trust at the point of login. Examples could be session ID, GEO location, time, system being accessed and login behavior.
HINT: This is good, because it enables a more intelligent form of user authentication and contributes to both stronger security and higher user convenience.