What is 2-Factor Authentication?


2nd-Factor Authentication, also commonly referred to as 2-Step Verification requires an online account holder to present two separate passwords before being allowed to log in to their account.

The first password is the user’s primary account password and the second password is sent via SMS to a separate location as a unique, time-sensitive security token that expires in a pre-defined period of time (e.g., 10 minutes).

Security Is a Moving Target

Vulnerabilities can arise quickly. On April 2014 the world was made aware of an OpenSSL vulnerability now known as the “Heartbleed Bug”, a threat that had existed prior to its discovery on any website enabled with OpenSSL SSL/TLS technology. The threat exposed a vulnerability that could allow unauthenticated attackers to discover and steal private keys, passwords, session details, and data held in memory. The Heartbleed Bug reminds us once again that there is no silver bullet in security, it’s a moving target.

The following links provide useful info and additional resources about the Heartbleed Bug:

Cost of an IT Security Breach

Disruption costs can accrue at $50k per minute

Even a minor disruption can result in lost revenues, downtime and costs of restoring systems that accrue at an estimated rate of $50,000 per minute.1

Reputation costs can range from $20k to $5m+

A substantial event can result in reputation and brand damages that can exceed US$5 million over a 24 month period.2

Overall economic impact can range from $1m to $14m+

The economic impact of minor business continuity and IT security failures can cost an average of $1m, and can climb to $14M for a substantial disruption.2

Why Use One-Time Passwords?

With 2nd-Factor Authentication in place, even if an Internet attacker has stolen a user’s online account password by exploiting a vulnerability such as the Heartbleed Bug, they cannot log in without also having that one-time password which is sent to the mobile user’s phone.

This results in:

  • Reduced probability of an Internet attacker gaining access to an account, resulting in fewer security breaches
  • Fewer security breaches means lower total costs of disruption
  • The additional layer of protection can be advertised to account holders, and having this option available reduces the reputation risk following a security breach

3 Options for Deployment


Hybrid: Compatibility With Hardware Token Solutions

TIM alerts can be triggered from any web browser or from a mobile device in the field. The system can be pre-configured for real-time response, and scheduling capabilities enable advanced follow-up and ongoing incident management.

  • Deploy a Plug-and-Play solution that has proven compatibility with RSA Secure ID, Citrix, F5 Firepass, IBM and other leading hardware solutions
  • Hosted in Telstra’s mission-critical, high-availability environment
  • Provides a natural and seamless transitional technology for moving away from costly hardware tokens
  • Can significantly reduce maintenance and loss-management costs that are common in a 100% hardware-token environment
Read More


Cloud-Based Solution: TIM Authenticator

For customers beginning from scratch, TIM offers a SaaS application called TIM Authenticator, which is a highly available, geo-resilient, end-to-end solution.

  • Deploy a 100% cloud-based solution
  • Integrates with your online account systems (internal and external)
  • Automatically generates effective one-time passwords (OTPs) and sends to mobile
  • Customisation settings include tailored content of OTPs including format, type and character length
  • Preference settings include defining the OTP validity period and number of challenge attempts
  • Log and audit all interactions per employee
Read More


API-Based: Mobile Extension to Proprietary Systems

For customers that prefer to generate a one-time password using internal software, TIM APIs can extend an integrated mobile capability to deliver the mobile tokens to global mobile users.

  • Deploy an API solution that can import your existing security tokens from your proprietary system and send out via mobile channels to global mobile users
  • Uses RADIUS or HTTP web-based protocols
  • Compatible with Network Access Servers and VPN
  • Deploys in a hierarchical environment (allows defining access and capabilities for management and staff)
  • Real-time tracking & reporting with graphical reports
Read More

Deploy a Mission-Critical Solution for OTP

Enterprise-Grade: Powered by Soprano

TIM is a proven an intelligent, geo-redundant and feature-rich software platform that is powered by Soprano’s award-winning software platform which currently delivers message volumes in excess of 50 million mission-critical messages a month worldwide and has demonstrated its ability to handle volume spikes and maintain low message delivery latency and high platform availability.

Telstra: Trusted Brand with 24x7x365 Technical Support

TIM is integrated with Telstra high-availability network services to offer proven technical platform adaptability and stability to address the bleeding-edge messaging needs of financial institutions. TIM is backed by Telstra’s 24x7x365 highly available support team.

Designed for Complete Customisation and Integration

TIM’s flexible application framework can extend beyond 2nd-Factor Authentication to enable just about any business messaging use case. TIM deploys as a hierarchical, SaaS solution with a powerful enterprise administration portal and “Smart APIs” that can extend 2-way messaging to leading administration systems, CRM and HR systems, and various industry alerting and facility IT systems such as SAP and Oracle.

Integrates seamlessly with