Hardware Security Tokens
Two-factor authentication (2FA) systems have typically relied on hardware security tokens. In the past, 2FA hardware tokens offered a first layer of security, but hard tokens have become outdated. In today’s dynamic business climate, enterprises face sophisticated new risks that require more advanced software security tokens.
Software security tokens are the next generation in robust, convergent security in the digital ecosystem. Cheaper and more convenient than the hardware model, SolidPass goes beyond the standard 2FA to provide flexible, more integrated multi-factor authentication combinations.
Hard vs. Soft Tokens
Hard tokens generate a one-time password in order to provide security. While sufficient in the past, hard tokens face a number of major limitations in combating new security threats:
- Less Convenient – extra device (“wallet filler”) can be easily lost or forgotten
- Less Flexible – compatibility varies among different platforms, making it difficult for mobile users
- Higher Cost without additional value – high deployment and scalability costs, TCO at least 3 times higher than a soft token
- Out of Sync – problematic synchronization
- Not eco-friendly – environmentally irresponsible waste
- Logistical nightmare
- Limited user interface with high learning curve required
Soft tokens offer a more powerful, more flexible, more dynamic security infrastructure at a fraction of the cost. They are ideally suited for the global, mobile user who needs to stay connected in today’s world.
The key advantage of the mobile token is that there are no new devices or wallet-fillers for customers – just an add-on to the device they already carry everywhere. Since customers already own the “hardware” (the mobile phone), SolidPass.
Two-Factor Authentication Methods
The types of authentication methods that are supported include:
- Event-based One-Time Password (OTP)
- Time-based One-Time Password (OTP)
- Security Question Authentication
- Challenge Response Authentication
- Transaction Data Signing (TDS)
- Mutual Authentication
SolidPass OTP works on a number of different mobile platforms (both feature phones and smartphones). SolidPass mobile tokens include the following:
- Android Token
- Blackberry Token
- Brew Token
- iPhone Token
- Java ME Token (J2ME Token)
- Linux Token
- Palm Token
- Symbian Token
- Windows Mobile Token
Desktop (PC) Tokens
SolidPass also supports desktop-based software tokens. The supported desktop operating systems and browsers are:
- Toolbar Token
- Java Token
- Linux Token
- Mac Token
- Windows Token
Software Token Embedded
SolidPass is a software-based authentication token built so that it can be used as a stand-alone product or embedded in mobile applications, such as mobile banking. Thus, strong two-factor authentication (2FA) can be built into mobile apps or desktop-based applications.
Regulatory Compliance
Regulatory requirements are pressuring organizations to adopt stronger authentication methods and ensure more secure access to data systems and applications. Static username/password identity management no longer provides sufficient security to authenticate users. This has led to the adoption of two-factor authentication systems.
Legislation from the Sarbanes-Oxley Act (SOX), guidelines from the Federal Financial Institutions Examination Council (FFIEC), and recommendations from the Health Insurance Portability and Accountability Act (HIPAA) all require that organizations use stronger forms of authentication to guard against data theft, prevent fraud, and protect customer information and patient privacy. SolidPass helps organizations and enterprises comply with regulatory standards that cover authorization rules and auditing protocols.
In addition to non-compliance, organizations that continue to use static username/passwords face numerous problems, including brute-force attacks, dictionary attacks, guessing and social engineering.
For the banking industry, 2FA is quickly becoming a mandatory offering for online and mobile banking.
- FFIEC Guidance on 2FA
- PCI Data Security Standards
- FACTA Identity Theft Red Flags
The SolidPass security token can be used to prevent the following:
- Phishing Attacks
- Pharming Attacks
- Man-In-The-Middle Attacks
- DNS Cache Poisoning Attacks
- Trojan Attacks
- Man-In-The-Phone Attacks
- Browser Poisoning Attacks
OATH Compliant OTP Tokens
SolidPass is a member of the Initiative for Open Authentication (OATH), and its one-time-password tokens are built to be OATH compliant. SolidPass uses the standards-based HOTP algorithm endorsed by OATH, providing compatibility with third-party software.