PINphrase is a fresh authentication approach which ought to provoke an ‘ah-ha!’ moment when you see it. It requires little to no user training, as users are not required to learn or remember anything new; instead, they just use information they already know.
PINphrase fuses ‘something you have’ and ‘something you know’, rendering them inseparable, which drastically increases logon security by preventing reverse engineering.
How it Works
The server stores information about you, like a mother’s maiden name, a memorable place or date, your favourite sports team, or your own unique word. When you next try to log on, the system will prompt you for random letters from one or more random answers – never the whole word.
Say you’d stored the phrase “Samantha” as your first cat’s name. The PINphrase way of asking you to log on might be:
“Please enter the 1st, 4th, 5th and 2nd last characters of your first cat’s name.”
…to which your answer is “sanh”. You may have already seen something similar on a few modern Internet banking websites.
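The challenge described above can be modelled in a few lines; this is an added example, not PINphrase's own code, and it handles any set of positions rather than only the "Samantha" prompt. The function names, the signed-position encoding (negative means counted from the end) and case-insensitive matching are assumptions made for illustration.

```python
import hmac
import secrets

_rng = secrets.SystemRandom()  # CSPRNG-backed: requested positions must not be predictable

def normalise(answer):
    # Assumption: answers match case-insensitively, as in the page's "sanh".
    return answer.strip().casefold()

def make_challenge(stored, count=4):
    """Return `count` distinct positions: 1-based from the start, negative from the end."""
    n = len(normalise(stored))
    if n < count:
        raise ValueError("answer too short for a partial-character challenge")
    picks = _rng.sample(range(n), count)
    # The last two characters are expressed as "last" / "2nd last".
    return [i - n if i >= n - 2 else i + 1 for i in picks]

def ordinal(p):
    n = abs(p)
    suffix = "th" if 10 <= n % 100 <= 20 else {1: "st", 2: "nd", 3: "rd"}.get(n % 10, "th")
    if p > 0:
        return f"{n}{suffix}"
    return "last" if n == 1 else f"{n}{suffix} last"

def prompt(positions, question):
    names = [ordinal(p) for p in positions]
    return f"Please enter the {', '.join(names[:-1])} and {names[-1]} characters of {question}."

def verify(stored, positions, response):
    """Constant-time check of the requested characters against the stored answer.

    Picking individual characters needs the answer in recoverable form, so the
    stored value has to be protected at rest rather than hashed like a password.
    """
    answer = normalise(stored)
    expected = "".join(answer[p - 1] if p > 0 else answer[p] for p in positions)
    return hmac.compare_digest(expected.encode(), normalise(response).encode())

if __name__ == "__main__":
    # Constructed sample taken from the page's own "Samantha" illustration.
    challenge = [1, 4, 5, -2]
    print(prompt(challenge, "your first cat's name"))
    print(verify("Samantha", challenge, "sanh"))      # requested characters only
    print(verify("Samantha", challenge, "Samantha"))  # the whole word is rejected
```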
- No hardware token required
- Securely log on to Windows Desktops while in or out of the office
- Highly competitive pricing – especially compared to hardware
- Emergency Override Access
- Secure access to internal &
- 1.5 and 2 factor authentication
- Real-Time or Pre-Send token delivery via SMS or email
- SMS flash and message overwrite
- Active Directory or LDAP database storage (no schema extensions)
- RADIUS & Web Services interface for universal integration
- Rapid user provisioning (thousands in an hour)
- Web-based Operator portal for help-desk day-to-day operations
- Self service password reset
- FIPS 198 & 180-3 compliant
Traditional 2-factor authentication is based on ‘something you have’ (a token) and ‘something you know’ (a PIN or password), which together are supposed to help identify a user. The issue with traditional systems is that the ‘something you have’ can be used by anybody who has it, not just its intended owner, and the ‘something you know’ (like a 4-digit PIN) can easily be stolen when you type it in (think ‘keystroke logger’).
What’s great about PINphrase is that the ‘something you have’ (the question and random characters) can only be used by you and is of no use to anybody else even if they got hold of it. The ‘something you know’ (the answer) is never divulged in full and remains private during the logon process.
Although the system appears overly simple, the level of security should not be underestimated.
After the first logon the user will be asked to provide answers to some of the generic questions set up by the administrator and may even wish to remove the codeword altogether. Obviously it is not important for users to answer the questions correctly or truthfully, so long as they recall the answer they supplied when they need to log on. Since these answers are not passwords, they do not have to be alphanumeric, mixed case or contain a punctuation mark, which means there is a very good chance that a user will not forget their answers.
Combining standards-based OATH and de facto authentication methods for their ease of use and familiarity results in a hybrid approach that provides strong security and retains ease of use and low cost of ownership.
PINphrase is proving to be the answer to many organisations’ security concerns and suits many usage scenarios.