Traditional two factor authentication is based on ‘something you have’ (a token) and ‘something you know’ (a PIN or password) used to authenticate a user. The issue with traditional systems is that the ‘something you have’ can be used by anybody who has it, not just its intended owner, and the ‘something you know’ (like a 4 digit PIN) can easily be stolen when you type it in (think keystroke logger).
With PINphrase, the ‘something you have’ (the question and random characters) can only be used by you and is of no use to anyone else. The ‘something you know’ (the answer) is never divulged in full and remains private during the logon process.
How it works
The Authlogics Authentication Server stores information about you, like a mother’s maiden name, a memorable place or date, your favourite sports team, or your own unique word. When you next try to log on, the system will prompt you for random letters from one or more random answers, but never the whole word.
After the first logon the user will be asked to provide answers to some of the generic questions setup by the administrator. It is not important for the users to answer the questions correctly or truthfully, as long as they they recall the answer they supplied when they need to logon. Since these answers are not passwords, they do not have to be alpha-numeric, mixed case etc, meaning there’s a greater chance that a user will not forget their answers.
- Familiar to users requiring little or no training
- Easier to remember than passwords reducing support help desk queries and costs
- Improves security over traditional passwords by combining multiple ‘something you have’ and ‘something you know’ factors
- Standards based OATH implementation
- FIPS 198 & 180-3 compliant