2nd-Factor Authentication, also commonly referred to as 2-Step Verification requires an online account holder to present two separate passwords before being allowed to log in to their account.
The first password is the user’s primary account password and the second password is sent via SMS to a separate location as a unique, time-sensitive security token that expires in a pre-defined period of time (e.g., 10 minutes).
Security Is a Moving Target
Vulnerabilities can arise quickly. On April 2014 the world was made aware of an OpenSSL vulnerability now known as the “Heartbleed Bug”, a threat that had existed prior to its discovery on any website enabled with OpenSSL SSL/TLS technology. The threat exposed a vulnerability that could allow unauthenticated attackers to discover and steal private keys, passwords, session details, and data held in memory. The Heartbleed Bug reminds us once again that there is no silver bullet in security, it’s a moving target.
The following links provide useful info and additional resources about the Heartbleed Bug:
Cost of an IT Security Breach
Disruption costs can accrue at $50k per minute
Even a minor disruption can result in lost revenues, downtime and costs of restoring systems that accrue at an estimated rate of $50,000 per minute.1
Reputation costs can range from $20k to $5m+
A substantial event can result in reputation and brand damages that can exceed US$5 million over a 24 month period.2
Overall economic impact can range from $1m to $14m+
The economic impact of minor business continuity and IT security failures can cost an average of $1m, and can climb to $14M for a substantial disruption.2
Why Use One-Time Passwords?
With 2nd-Factor Authentication in place, even if an Internet attacker has stolen a user’s online account password by exploiting a vulnerability such as the Heartbleed Bug, they cannot log in without also having that one-time password which is sent to the mobile user’s phone.
This results in:
Reduced probability of an Internet attacker gaining access to an account, resulting in fewer security breaches
Fewer security breaches means lower total costs of disruption
The additional layer of protection can be advertised to account holders, and having this option available reduces the reputation risk following a security breach
3 Options for Deployment
Hybrid: Compatibility With Hardware Token Solutions
TIM alerts can be triggered from any web browser or from a mobile device in the field. The system can be pre-configured for real-time response, and scheduling capabilities enable advanced follow-up and ongoing incident management.
Deploy a Plug-and-Play solution that has proven compatibility with RSA Secure ID, Citrix, F5 Firepass, IBM and other leading hardware solutions
Hosted in Telstra’s mission-critical, high-availability environment
Provides a natural and seamless transitional technology for moving away from costly hardware tokens
Can significantly reduce maintenance and loss-management costs that are common in a 100% hardware-token environment
TIM is a proven an intelligent, geo-redundant and feature-rich software platform that is powered by Soprano’s award-winning software platform which currently delivers message volumes in excess of 50 million mission-critical messages a month worldwide and has demonstrated its ability to handle volume spikes and maintain low message delivery latency and high platform availability.
Telstra: Trusted Brand with 24x7x365 Technical Support
TIM is integrated with Telstra high-availability network services to offer proven technical platform adaptability and stability to address the bleeding-edge messaging needs of financial institutions. TIM is backed by Telstra’s 24x7x365 highly available support team.
Designed for Complete Customisation and Integration
TIM’s flexible application framework can extend beyond 2nd-Factor Authentication to enable just about any business messaging use case. TIM deploys as a hierarchical, SaaS solution with a powerful enterprise administration portal and “Smart APIs” that can extend 2-way messaging to leading administration systems, CRM and HR systems, and various industry alerting and facility IT systems such as SAP and Oracle.