As advances in mobile technology continue to encourage distributed work teams and remote network access, ensuring a secure connection to networked resources has become a growing priority within the enterprise. Companies have traditionally taken one of two routes in ensuring a secure mobile connection, the first relying on a server to generate a one-time-password and forward it to the end user via SMS, and the second involving the use of separate, physical hardware tokens to validate user identity. Unfortunately, neither of these approaches is both completely secure and painless. The former provides opportunity for fraudsters to intercept SMS contents, while the latter relies on additional hardware that is both bulky and costly.
South Africa based FireID has developed a mobile authentication system intended to address the limitations of the current approaches. Specifically, the company has developed a mobile application that generates random one-time-passwords instantaneously and completely offline. For instance, a user can enter a password generated by FireID into an application or website, and FireID immediately will verify the password through a separate server. Once the user logs in, the password expires to prevent future access.
Authenticating network access in such a way eliminates the need for cumbersome security tokens, and is much more secure than the SMS-reliant approach. Furthermore, installation and use is quite simple. Channel partners can install the software onto their servers and then deliver the solution to their customers. With just a couple clicks, it’s distributed to users’ mobile phones.
FireID is not the only company in the space to ditch the SMS and token approach. RSA, VeriSign, and several others offer a similar software-based security solution. FireID seeks to differentiate by offering a unique build for each phone make and model. The application is currently compatible with nearly all Java, Windows Mobile 6 and recent-generation Symbian devices, and today the company has announced compatibility with the iPhone.
In the end, security is a front in which organizations have little room to compromise, and in organizations like banks the technology could be hugely advantageous. It will be interesting to see if other companies, in which security breaches are less a continuous threat, will be willing to adopt a new platform.