Forgettable passwords

May 2009 Products & Solutions

A South African company has developed a secure way to ensure users never need to remember their passwords again, all they need do is remember to take their cellphones with them.

South African software development company FireID has developed what is believed to be a world first – a highly secure system that provides a one-time-password (OTP) authentication solution by generating secure passwords and sending them to users’ mobile phones.

“This means people no longer have to remember complicated passwords or change them often as a new password is generated every time a login is required, and it expires immediately after use,” says FireID founder and strategic director Justin Stanford. “Most convenient of all, it runs on an existing hardware platform that people carry with them – the ubiquitous mobile phone.”

FireID founder and strategic director Justin Stanford
FireID founder and strategic director Justin Stanford

This universal personal authenticator has a multitude of possible applications and enables secure and easy authentication for people logging onto systems such as Internet banking sites, virtual private networks (VPNs) and others that are password-protected. FireID enables users to access multiple applications requiring OTPs from the same menu.

It does not rely on cellular network connectivity other than for initial deployment of the end-user token application. Importantly, it does not make use of text messages, or other forms of communication, to deliver OTPs to users. OTPs are generated on the user’s mobile phone independently and securely.

FireID significantly reduces overheads through its ability to deploy to thousands of users. Conventional authentication solutions use a key fob or hardware token to generate OTPs. The cost and maintenance of these tokens, plus distribution and management, are a logistical nightmare for most organisations. “FireID, by contrast, has been developed to significantly reduce overheads by offering a fixed annual cost and facilitating deployment to the user through a simple, tutorial-based process,” says Stanford.

How it works

FireID employs a back-end server and an end-user 'token' application running on the user’s mobile phone. The server authenticates the user logging on with a random one-time password generated by the token application on the user’s phone. This process takes place each time authentication to a FireID protected resource such as a Microsoft Windows PC logon, VPN or Web portal logon is required.

The token application is installed once on all end-users’ mobile phones and generates random one-time-passwords to allow users to authenticate to a FireID protected resource. The application supports almost all mobile devices using Java, and natively supports Microsoft Windows mobile devices.

The deployment system is able to automatically deliver custom versions of the token application to support a vast variety of different mobile phones. In addition, the token application can store many different tokens for authenticating to different resources, or even entirely different companies.

Each token operates independently and securely. The user simply chooses the token they want to use (such as 'My bank', 'The office', or 'Remote access') from within the FireID application, and an appropriate OTP will be generated. New tokens can be remotely and seamlessly added to a user’s FireID token application using background SMSs.

The token application can also be managed using background SMSs, performing administration tasks, such as resyncing tokens, in a completely secure manner.

How it is deployed

The FireID deployment process is designed to be as simple and automated as possible. Users must perform a once-off installation of the FireID token application on their mobile phone and migrate their account from normal static passwords to OTPs, generated by the FireID system.

Users can be deployed individually or in groups, making the process easy to manage. Only once a user has successfully installed the token application, and activated it, will their account switch over to FireID for authentication.

During deployment, each user will receive an automatically generated e-mail from the FireID server, and an online self-deployment tutorial will begin. This will verify the user’s identity and mobile phone number. From there, a simple walk-through process is followed, which takes users through the various steps.

The deployment process delivers the appropriate version of the FireID token application for the specific mobile device, its capabilities and specifications. Should the installation of the application fail, the FireID administrator is able to view the reason in the deployment logs.

The token application can optionally prompt for an activation code, once the user has successfully completed the installation. This code can be delivered separately to each user as an additional security measure to ensure identity verification.

Integration

FireID is designed to integrate into existing infrastructure to provide strong authentication services. It integrates with Microsoft Active Directory in realtime. “Unlike other authentication solutions, which perform a regular synchronisation to the directory resulting in conflicts and out of date information, FireID integrates directly and all data remains stored in the directory,” Stanford notes.

This allows administrators to continue using Active Directory management tools to manage their user base. To enable FireID for Microsoft Windows logons, a small replacement FireID Windows logon application can be deployed automatically using Microsoft network management tools to all workstations. Via RADIUS, FireID is able to provide authentication to a multitude of network devices and software, such as routers, switches, VPNs, RAS, network servers and many more. XML-RPC support allows easy integration with any Web-based portal, site or service.

High-level security

FireID is designed from the ground up to be highly secure. All processes have been carefully scrutinised and designed with security in mind, and secure encryption is used throughout. FireID administrators have complete control over FireID tokens and can revoke or issue them accordingly.

The complete system, including configuration settings and downloaded product updates, can be backed up and restored rapidly. The FireID back-end server keeps itself up to date with the latest version via secure HTTP updates, ensuring that the latest product improvements are installed at all times.

Applications

LAN and WAN: FireID is able to provide secure authentication for a variety of corporate network resources for internal and external security. Microsoft Windows logons on workstations and servers can be protected, as well as logons on Linux servers and other server types using direct Active Directory integration or RADIUS/PAM. Other network devices such as switches, routers and firewalls can also be easily integrated.

Remote access/VPN: Protecting remote access mechanisms into the corporate network is crucial to prevent unauthorised access by external users. FireID is able to protect these resources with strong authentication by easily integrating with existing devices and software using RADIUS.

Web: FireID provides strong authentication to an external user base which accesses a Web service or application, such as Internet banking, e-commerce sites, commercial portals or document repositories.

For more information contact Justin Stanford, FireID, +27 (0)21 687 9185, [email protected]





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Hikvision launches AcuSeek NVR
Surveillance Products & Solutions AI & Data Analytics
By integrating natural language interaction, Hikvision’s AcuSeek NVR enables precise video and image retrieval within seconds, marking a transformative milestone for the security industry's advance into intelligent and efficient applications.

Read more...
Biometric security key for phishing-resistant MFA
Products & Solutions Access Control & Identity Management
New FIDO-compliant USB, Bluetooth, and NFC BioKeys with biometric login and centralised management for phishing-resistant, passwordless multifactor authentication (MFA) for enterprise users.

Read more...
Fastest PCIe Gen 5.0 NVMe SSD
Products & Solutions Infrastructure
Sandisk has unveiled the WD_BLACK SN8100 NVMe SSD with PCIe Gen 5.0 technology, an internal SSD delivering speeds up to 14 900 MB/s and capacities up to 4 TB, with 8 TB solutions available soon.

Read more...
Synology announces the PAS7700
Products & Solutions
The PAS7700 integrates two controllers and 48 NVMe SSD bays within a 4U chassis and can scale up to 1.65 PB of raw capacity with seven additional expansion units.

Read more...
Unified storage solution
Products & Solutions Infrastructure
CASA Software has announced the local availability of Nexsan’s upgraded unified storage solution, Unity NV4000, which is ideal for mixed workloads, from virtualisation and video surveillance to secure backup and recovery.

Read more...
Analyse, automate, and optimise logistics processes
neaMetrics Surveillance Transport (Industry) Products & Solutions Logistics (Industry)
In today’s rapidly evolving logistics sector, the pressure to improve process efficiency, optimise resource usage, and ensure seamless security is more intense than ever. Smart, proactive surveillance is no longer a luxury — it is a critical operational necessity.

Read more...
Gallagher Security releases OneLink
Gallagher Animal Management Products & Solutions Access Control & Identity Management
Gallagher Security has announced OneLink, a cloud-based solution that makes it faster, easier and more cost-effective to deploy security anywhere in the world, transforming how security can be delivered to remote sites and distributed infrastructure.

Read more...
Seamless visitor management
Secutel Technologies Products & Solutions
Secutel Technologies recently launched SecuVisit, a cloud-based visitor access control system. SMART Security Solutions asked Secutel’s Norman Pretorius for more information on the product and its capabilities.

Read more...
IQ Panels now supported by PowerManage
Johnson Controls - (Tyco Security Products) Products & Solutions
IQ Panels, now supported by PowerManage, simplify installation and data management. The PowerManage interactive platform allows for localised data storage, so customer information is not stored in the cloud or exposed to a third party.

Read more...
Remote monitoring made easy
Products & Solutions
Links Field Networks offers the wireless P5 Plus Solar outdoor PTZ (pan-tilt-zoom) camera, which is perfect for security monitoring in remote areas. It includes 4G connectivity with a data package.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.