Deviceless 1.5 Factor Authentication
The aim of deviceless or 1.5 factor authentication (1.5 FA) is to deliver a one time code solution without the need for a separate physical device. Traditionally all one time code systems had to be two factor solutions and the codes were displayed on the second physical factor. In these cases the first factor was still a PIN or password.
In contrast, 1.5 FA does not require a PIN, password or second factor device at all. Instead a challenge is displayed directly on screen which only the user would know how to respond to; the response is a one time code.
Device-less 1.5 Factor Authentication bridges the gap between the convenience of passwords and the complexity of physical tokens. By simply replacing a password based logon with 1.5 FA you remove the threat of key loggers and malware trying to steal PIN’s and passwords. Once the password is replaced you have also just removed the costly and continuous password reset process.
- Does not require hardware tokens or software apps
- No costs associated with SMS/TEXT messages
- Replace passwords
- Integrate directly into web page or app
- Remove threat from key loggers
- Risk and cost appropriate security for lower value assets
- Convenient access to internal & Cloud-based applications
- Rapid adoption and deployment
- Seamless step-up to 2 Factor when needed
Our 1.5 Factor Authentication Technologies
PINgrid is a pattern based authentication type that uses a grid of numbers combined with a user defined pattern to generate a one time code. The pattern becomes a ‘what you know’ factor during the logon process, making this authentication type ideal for 1.5 FA solutions.
PINphrase is a familiar language based authentication type where users provide single characters from an answer to a well known question. Because the answer is not divulged by the user during the logon process, this can be used as a 1.5 factor solution. Users who have used online banking may be more familiar with this authentication type.
Frequently Asked Questions
How is 1.5 FA better than passwords?
Passwords are a single factor of authentication which are easily forgotten and users often write them down on post-it notes, or reuse them on multiple systems. They are easily stolen via malware and key loggers to be used at a later time by hackers. When you type in a password you have basically given it away as it could be intercepted at any time and should no longer be considered secret.
1.5 Factor Authentication does away with the static nature of passwords entirely. This thwarts malware and key loggers as a stolen code is no use once it has been used. Crucially, unlike a password, the “secret” the user knows the answer to is not given away during a logon.
All this is achieved without the need for a second factor device.
Is 1.5 FA as secure as 2 FA?
Strictly speaking, no 1.5 FA is not as secure as 2 FA. However it is much more secure than password based 1 FA.
1.5 FA is an ideal middle ground of increased security over passwords without the sledge hammer approach of adding 2 FA to everything. It is ideally suited to situations where some protection is needed to low value assets, however convenience is also critical.