PhoneFactor Extends Comprehensive Line of Authentication Solutions with App for Windows Phone

Posted on December 5, 2012 by

The PhoneFactor App for Windows Phone extends the already robust PhoneFactor platform to include yet another option for strongly authenticating access to both on-premises and cloud applications using the Windows Phone your employee or customer already carries.

The simple to use PhoneFactor App asks a Windows Phone user to authenticate his or her login or transaction with a tap of the screen. Like PhoneFactor’s apps for iOS and Android, the app for Windows Phone offers a number of advanced security benefits that are critical, particularly with today’s increased mobility.

The PhoneFactor App for Windows Phone:
• Works anywhere the user is connected to a cellular or Wi-Fi network
• Is able to block illicit activity and notify the company’s fraud alert team
• Can be used as a soft token in off-line mode

The PhoneFactor for Windows App supports Windows Phone 7 and 8 and is available as a free download in the Windows Store. Combined with its flagship phone call, sms text, and other app options, PhoneFactor delivers the most comprehensive phone-based authentication platform for enterprises and banks today.

Posted in Blog | Leave a comment

PhoneFactor Joins Microsoft

Posted on October 4, 2012 by

I am pleased to announce that PhoneFactor is now part of Microsoft. This is very exciting news for PhoneFactor, our customers and the industry.

When we initially launched PhoneFactor, we had a vision to deliver strong authentication as a seamless part of almost every process where an individual needs to access confidential or proprietary data.  We wanted to solve this problem broadly, whether it’s from a server on-premises or in the cloud, or whether the individual is using a PC, smartphone, or tablet.  Phones provided the ideal platform:  easy to use for the masses at scale, yet also capable of supporting enterprise-scale implementation of multi-factor authentication. So, we built authentication solutions that integrated exceptionally well with enterprise platforms like those provided by Microsoft. That turned out to be a smart decision as PhoneFactor has become a leader in phone-based authentication for the enterprise.

With today’s announcement, we have taken an important step toward realizing our vision. With Microsoft’s product breadth and distribution reach, it will be possible to bring the benefits of PhoneFactor to a broader set of customers, partners and developers than we could as a stand-alone company.  And as part of Microsoft, we will work to improve the interoperability and ease of use of our solutions – but more to come on that in the future.

The PhoneFactor team will continue to support existing customers in the same manner we do today and we remain open for business and ready to work with you to implement PhoneFactor’s strong authentication solutions.

Today, we celebrate a milestone for our company, and ultimately, we believe, for the identity and security industry as a whole.  Thank you to our fantastic team members who built PhoneFactor’s success and to the many customers who have put their trust in PhoneFactor over the years.

For more information, FAQs are available at http://www.phonefactor.com/microsoft.

-Timothy Sutton, PhoneFactor CEO

Posted in Blog | Leave a comment

Making A Case For PhoneFactor

Posted on September 20, 2012 by

Global Law Firm Secures Access to Sensitive Information with PhoneFactor

Fredrikson & Byron is a global law firm whose attorneys travel frequently, and like many attorneys they often work from home, airports, and even on vacation. To enable easy access to documents and applications from outside the office walls, attorneys were logging in with only a username and password. But as the threat landscape evolved, this practice no longer met Fredrikson & Byron’s rigorous security standards. Due to the sensitive nature of their work, the firm decided they must employ strong security controls to safeguard client data and communications, as well as comply with regulatory mandates.

The solution: PhoneFactor. For a professional services firm that bills by the hour, it is critical that any technology solution not impede productivity. PhoneFactor has accomplished exactly that for Fredrikson & Byron, while still providing the much needed extra layer of authentication that gives both their clients and their IT department confidence that their data is secure.

“Our attorneys and staff use both company issued and their own devices to access a wealth of information via remote access. They know that it would be extremely difficult to gain credibility if any customer information was inadvertently intercepted, and are happy to use PhoneFactor’s simple solution.” - Bob Morrison, Security Engineer

> > Read the full case study.

 

Posted in Blog | Tagged , | Leave a comment

More Is More: OATH Passcode Options Extends Suite of Phone-Based Methods

Posted on July 10, 2012 by

PhoneFactor has added an OATH passcode option to its suite of phone-based authentication methods. This means PhoneFactor’s already broad selection of multi-factor authentication options has grown – again!

How It Works
The PhoneFactor Mobile App functions as a soft token, generating a one-time passcode using the industry-standard OATH algorithm. The user simply enters the passcode into the login interface to authenticate. The PhoneFactor OATH passcode option:

  • Serves as Primary or Backup Authentication Method: Users can be configured to always authenticate using an OATH passcode or as a backup to out-of-band methods.
  • Works Anywhere: No cellular or Wi-Fi connection is required, so it works on airplanes and other unique cases where cell or data service is not available.
  • Supports Third Party OATH Tokens: PhoneFactor also works with third party OATH hardware and software tokens.
  • Automates User Enrollment and Activation: The process of enrolling users is simple and fully automated – enabling rapid user deployment.

The PhoneFactor OATH passcode option is available in PhoneFactor Extended edition.

With 100% out-of-band methods, including a phone call, text message, and push notification, and now support for OATH passcodes, PhoneFactor offers the most comprehensive set of phone-based authentication options in the marketplace. This means more flexibility for users and more security for organizations.

Posted in Blog | Tagged , , ,

What’s in your Email?

Posted on June 25, 2012 by

Survey reveals that highly sensitive information sent through email lacks critical security controls.

When the personal email accounts of Mitt Romney and Sarah Palin were hacked it made the news, but the vast majority of people don’t believe their personal or business email is under attack. Cases like the decade long monitoring of email belonging to Nortel executives prove that email communications are in fact incredibly valuable and therefore highly targeted by cybercriminals. To test the point, we asked more than 400 IT professionals a simple question: What’s in your email?

WATCH THE VIDEO:

Watch Video

The majority reported that highly sensitive information about their corporate strategy or customer base is communicated via email, and for 80% of respondents, the only thing standing between an attacker and this email communication is a simple username and password.

Risk: Nearly three-quarters (73%) of respondents consider the data they transmit in company email to be highly sensitive, including:

The information their corporate executives transmit is considered even more sensitive, including material like:

  • Budgeting Plans/Details (76%)
  • M&A Activities (33%)
  • Product Roadmap Plans (63%)
  • Potential Layoffs and Reorganizations (45%)
  • Sensitive Compensation Issues (47%)

If information from a senior executive was compromised, respondents surmised the top three impacts to their business would include:

  • Public Embarrassment/Hit to Company Reputation (59%)
  • Lost Trust Among Customers (54%)
  • Lost Trust Among Employees (49%)

For larger organizations, Public Embarrassment was seen as a potential impact for 73% of respondents with Lost Trust Among Customers at 57% and Lost Trust Among Employees at 61%. For nearly one-third (30%) of respondents, these impacts translated into potential Lost Shareholder Value.

Email Security Confidence: An alarming 74% of respondents were either Not at All Confident or only Somewhat Confident that their existing security precautions are adequate to prevent an attacker from penetrating their company email system. Further, 80% said that that if a bad guy obtained an employee’s username and password, he could gain access to at least some users’ accounts.

Role of Two-Factor Authentication: When asked if two-factor authentication is critical to prevent unauthorized access to company email, nearly three-quarters (74%) felt it was at least somewhat critical, with 47% rating it as Very or Extremely Critical. However surprisingly, only 26% of respondents currently require two-factor authentication to secure remote access to company email for all of their users.

Email Security Importance: There seems to be a heightened awareness of the need to secure email systems. Nearly all respondents (96%) found it to be important to secure access to company email, with 71% indicating it is Very or Extremely Important. Additionally, 41% have elevated the importance of email security in the past 12 months, and one-third (33%) are planning to add additional security controls to company email in the next 12 months.

Companies are moving to enhance security procedures in what they see as an increasingly unsafe environment. User friendly security solutions that are easy for the IT department to manage, like PhoneFactor’s multi-factor authentication, are indicated to be a required piece of this complex puzzle.

Download Complete Survey Results at www.phonefactor.com/emailsurvey

Posted in Blog | Tagged , , , , , , ,

PhoneFactor for VMware View

Posted on June 20, 2012 by

VMware added support for RADIUS in its recent release of VMware View 5.1, enabling additional out-of-the-box integration with PhoneFactor. VMware and PhoneFactor (a VMware Technology Alliance Partner) teamed up to validate interoperability and create a How-To Guide on configuring VMware View for PhoneFactor using RADIUS.

When enabling PhoneFactor to secure access to VMWare, PhoneFactor acts as a RADIUS server or as a RADIUS proxy server. When a user logs in, a RADIUS request is made to the PhoneFactor Agent. The Agent validates the username/password with Active Directory, an LDAP directory, or another target RADIUS server before initiating a PhoneFactor authentication. If the authentication succeeds, the user is granted access. It’s that simple.

The PhoneFactor Agent runs on existing hardware; no new server hardware or appliances are required. It synchronizes with existing Active Directory and LDAP servers for centralized user management, and offers self-enrollment and management tools to streamline user deployment and support.

Plus, users love it. There are no extra devices to carry and keep track of. It works instantly with the user’s existing phone.

Visit the PhoneFactor Solution Overview for VMware View or the VMware Community to learn more. A copy of the How-To Guide is available from the Documents section of the PhoneFactor Online Management Portal.

Posted in Blog | Tagged , , ,

What would you bet on the security of your corporate network?

Posted on March 26, 2012 by

For most IT professionals, the answer is ZERO, NADA, ZIP, ZILCH.

We recently surveyed more than 300 IT professionals, and their responses indicate an overwhelming lack of confidence in the security of their corporate networks. This was particularly apparent when IT pros were asked how much of their own money they would stake that their networks will not be breached in the coming year.

The majority (70%) of respondents were only Somewhat or Not At All Confident that an unauthorized person could not gain access to their network. And when asked if an expert hacker would be capable of infiltrating their network, 84% thought it was at least possible.

70% of IT pros are only somewhat confident that an unauthorized person could not gain access to their network

So, we asked IT professionals to put their money where their mouth is. How much of their own money would they be willing to bet that their company’s network will NOT be compromised in the next 12 months? The majority (58%) would bet $0.

58% of IT pros would bet $0 that their network will not be compromised

It’s easy for a person to say that their network is secure, but when we asked them to make a bet using their own money they simply would not do so unless these further protections were put into place.

So, what’s driving all of this uncertainty? More than half of respondents cited malware, including root-kits, zero day exploits, and man-in-the-browser attacks as putting their networks at risk. Other key concerns include: Use of personal devices to access company resources (BYOD), the sheer volume of attacks, and widespread use of remote network access.

Malware, BYOD Key Contributors to Insecurity

Perhaps one of the most unsettling insights to come out of the survey is the fact that only a quarter of IT professionals were confident that they would know if their network had been infiltrated.

Only one-quarter are very confident they would know if their network was compromised

Recently, a number of high-profile instances of attackers lurking undetected within corporate networks, sometimes for years, have come to light. In one such case, the email of Nortel executives was compromised for nearly a decade, allowing an attacker to access trade secrets and other sensitive information sent via email.

Knowing when an attacker is attempting to infiltrate your network is critical, particularly if the attacker been able to breach your first line of defense. For 87% of IT pros, receiving a real-time alert by phone call, text or e-mail any time someone attempted to log in with a stolen password increased their confidence in the security of their network. For one-third, this would have a significant impact on their confidence level.

Real-time alerts increased confidence

A similar number of IT professionals, indicated that verifying user logins through an out-of-band phone call would increase their confidence.

out-of-band increased confidence

Given the increased confidence out-of-band authentication and the real-time fraud alerts out-of-band methods can provide, we asked respondents whether having these tools in place would impact their willingness to bet on the security of their networks – 78% answered in the affirmative.

78% of IT pros are at lease somewhat likely to raise their bet with out-of-band authentication and alerts

This lack of confidence in current security controls is driving adoption of out-of-band authentication from PhoneFactor. Nearly half (45%) of all respondents indicated that their company was planning to increase their use of out-of-band authentication over the next two years.

PhoneFactor provides strong protection from malware, fends off increasingly prevalent attacks, and shores up security for increasingly mobile workforces and the many devices that are used to access company networks.

If you aren’t willing to bet a dime on the security of your network, you are still taking a gamble. Put the odds in your favor with out-of-band authentication with real-time fraud alerts.

Posted in Blog | Tagged , , ,