PhoneFactor Honored as a Top Banking Technology

June 26th, 2008

We are proud to announce that PhoneFactor has been selected as one of the Top 10 Technologies for 2008 for the banking/financial services industry.  Check out the story below.  Thanks.

 Evan.

http://www.americanbanker.com/btn_article.html?id=200805283ULS479A&pagenum=1&numpages=5&showallpages=true

New PhoneFactor Video Uncovers Banking Security Breaches

June 4th, 2008

Tough news stories require tough reporters to really dig in and get to the bottom of the issues.  No one does this better than JoJo JoHanson.  Take a moment to watch the video below that delves into the dark secrets of online banking that your banks don’t want you to know.  Sometimes it takes a serious reporter to really tackle the serious issues.

http://www.youtube.com/watch?v=StLaBax7CvU

Enjoy.

Evan.

Worst Gadget Ever??? Tokens!!!

May 27th, 2008

As the purveyors of an offering that promotes the fact that tokens are not necessary for secure two-factor authentication, it warms the heart to see the current issue (June) of Wired Magazine.  They have selected SecurID tokens as one of the “worst gadgets ever.”  I particularly enjoyed the quote that was along the lines of “remembering a time when your IT people didn’t yell at you for losing things.”

Secure authentication is good.  Tokens……..not so much.

Evan.

   

OpenID adds PhoneFactor option

May 16th, 2008

OpenID continues to grow at a tremendous rate.  It allows users to create their own personal identity and use it to access more than 10K web sites (and growing).  It has been endorsed by Google, Yahoo, IBM, etc. and appears to be one of the open source technologies that will take hold and become a mainstream standard.

Of course, the power of OpenID can also be a danger.  Maintaining a single (or a few) OpenID identities is simple, but it also makes the case for strong authentication security even more important.  If someone gets your password (through whatever means), they can potentially access a lot of important information without your consent.

 This has led to a great new offering from Positive Networks/PhoneFactor and JanRain regarding using PhoneFactor authentication with OpenID.  It is now available in the US (and some other places on a test basis) and you can create an OpenID account enabled with PhoneFactor two-factor authentication at www.myopenid.com    

Check it out and the announcement is below: 

https://www.phonefactor.com/pressrelease051208.php

Evan.

Picketers outside InterOp tradeshow want their PhoneFactor

May 12th, 2008

You can’t hold back the people when the people want PhoneFactor!  LOL.   Check out the pictures below to see people that are protesting the lack of PhoneFactor at their banks. 

 http://pic15.picturetrail.com/VOL628/2686344/19665941/317027300.jpg

http://pic15.picturetrail.com/VOL628/2686344/19665941/317027302.jpg

http://pic15.picturetrail.com/VOL628/2686344/19665941/317027304.jpg

 Give the people what they want.  www.phonefactor.com   and   www.Iwantmyphonefactor.com

Evan.

PhoneFactor on TV!

April 30th, 2008

PhoneFactor becomes one of the very first serious security products to tackle the mainstream media.  Check out

www.iwantmyphonefactor.com

You can see the 30 second spot that is being shown on television telling people that they need to strengthen the security associated with their personal finances.  It gives people the opportunity to proactively contact their banks to encourage them to get serious about security.

 While it mocks the other ads that have been run about identity theft and the security currently provided, it really is meant to point out a serious issue that exists for most people that want serious protection for their accounts.

Check it out.

 Evan.

Credit card notification services

April 16th, 2008

I’m sure you’ve all seen the commercials by now - a well-dressed gentleman bearing a striking resemblance to one of the James Bonds learns of ongoing credit card fraud and goes hurdling through the streets to catch the crook in the nick of time.

Of course, surprisingly enough, that’s not quite reality. What has really happened? Mr. Bond has been notified after the fact that a transaction has taken place. The bad guy has already walked out of the store with the goods!

I have basically the same service on my Bank of America credit card. Just to experiment, I decided to have them alert me whenever any transaction greater than $1.00 took place, no matter what. I rarely use that card, so I didn’t think it would generate much e-mail.

Well, it didn’t — that was the problem! I charged something on April 3 for about $38, and just today, on April 8, I got a notification from them of the charge. So much for hurdling over parked cars to get to the crook!

All of these are great marketing ideas, but they miss the point. They are helpless to prevent the actual problem, which is that the bad guy successfully uses the card.

PhoneFactor to the rescue! With PhoneFactor, events can be confirmed in advance, rather than the notification arrangement in the TV commercial. Event confirmation with PhoneFactor has the potential to bring a whole new level of control to your financial life. Imagine giving your teenager a credit card "for emergency use only" and getting a call that a $100 purchase was being made at Best Buy. You’d have the option to deny the charge right then and there.

Event Confirmation with PhoneFactor can be used for a wide variety of confirmations, such as changing passwords, mailing addresses, and so on. And, of course, it can keep the bad guy from using your card in the first place!

I want to star in that commercial when it comes out!

-Steve

PhoneFactor fights against evil bad guys! (Video)

April 14th, 2008

Once again, PhoneFactor prevails against the evil hackers of the world.  Check out the video below.  While it is just a dramatization, I suspect that you will be able to feel the tension and the real-world drama associated with the situation.  Where will you be when PhoneFactor saves you?  The sound of security is getting louder! 

Evan.

http://www.youtube.com/watch?v=r94dY-kKvw0

 

Online banking’s dirty little two-factor secret

April 8th, 2008

Lots of people use online financial websites of one sort or another, from online bill-pay to brokerage accounts and more. Some sites, like E*Trade, offer you the option to pay for two-factor authentication tokens. E*Trade’s is about $50 a year, and comes in the form of an RSA SecurID token. I have it and use it, and aside from the many annoyances associated with tokens, it does its job.

I noticed after I started using it that there are a couple of really major holes in the implementation. First off, the token isn’t required for telephone access. The phone menu prompts you for the very same password you use on the website, but doesn’t require the second factor at all. I guess the theory is that crooks are less likely to think of abusing the phone system?

But wait, it gets worse. I’m also an avid user of Quicken, and I have it configured to download new transactions from all of my bank accounts. Sure enough, it logs into E*Trade and requests my balances, portfolio, transactions, and so on, without using two-factor. I don’t know what other functionality is exposed through that API, but in any case, that looks like a pretty considerable implementation bug to me.

The problem isn’t really E*Trade’s fault; they have no (good) way of requiring every client out there to update its user interface. The only interface they control is the website— as soon as you publish an API that can be accessed remotely, you lose control of the UI. E*Trade has no way of going back to Quicken 2007 and making it prompt for a token, and even if they could, that kind of thing would render useless the PIN Vault that is supposed to store all of your passwords.

This is the kind of environment where PhoneFactor can make a difference. Whereas most other two-factor systems require some change to the user interface (or some nontrivial training on how to use the existing UI differently), PhoneFactor generally doesn’t. PhoneFactor authentication is out-of-band, and is triggered by the server side, not by the client. Because of that, application software like Quicken generally doesn’t need any modification to work well with PhoneFactor.

Remember, crooks are lazy - if you make one attack too difficult, like going in through the front door, they’ll find another easier way, like going in through the API the way Quicken does. For security to be effective, you have to guard all the doors.

-Steve
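The gap described in the post above, as an added example that is not part of the original post and is not PhoneFactor's or E*Trade's code: a login that checks the token only where the web UI prompts for it, beside one where the server triggers the out-of-band confirmation for every channel. The account data, channel names and function names are hypothetical and constructed for illustration.

```python
import hmac
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed sample account; channel names below are hypothetical.
USERS = {"alice": {"password": "correct-horse", "phone": "+1-555-0100"}}
CHANNELS = ("web", "phone", "api")

@dataclass
class Request:
    channel: str
    user: str
    password: str
    token_code: Optional[str] = None  # only the web form has a field for this

def password_ok(req: Request) -> bool:
    account = USERS.get(req.user)
    return account is not None and hmac.compare_digest(account["password"], req.password)

def login_ui_enforced(req: Request, token_valid: Callable[[str, str], bool]) -> bool:
    """Gap described in the post: only the web UI prompts for the token."""
    if not password_ok(req):
        return False
    if req.channel == "web":
        return req.token_code is not None and token_valid(req.user, req.token_code)
    return True  # phone menu and API client never send a code, so none is checked

def login_server_enforced(req: Request, confirm: Callable[[str], bool]) -> bool:
    """Server triggers the out-of-band confirmation itself, whatever the client is."""
    if not password_ok(req):
        return False
    return confirm(USERS[req.user]["phone"])

def password_only_channels(login: Callable[[Request], bool]) -> list:
    """Channels where the password alone, with no second factor, logs in."""
    probes = (Request(ch, "alice", "correct-horse") for ch in CHANNELS)
    return [req.channel for req in probes if login(req)]

def no_token(user: str, code: str) -> bool:   # caller does not hold the token
    return False

def call_rejected(phone: str) -> bool:        # account owner declines the call
    return False

def call_approved(phone: str) -> bool:        # account owner approves the call
    return True

if __name__ == "__main__":
    print(password_only_channels(lambda r: login_ui_enforced(r, no_token)))
    print(password_only_channels(lambda r: login_server_enforced(r, call_rejected)))
```

The same per-channel probe can serve as a regression test whenever a new entry point is added to a service.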

PhoneFactor at RSA Show in San Fran

April 4th, 2008

If you are in the area and can go to the RSA show at the Moscone Center in San Francisco, please stop by booth 127 to check out PhoneFactor.  Should be fun and there will be live demos, info and prizes.   Tuesday the 8th through Thursday the 10th.

If you have not been to RSA before, it is one of the biggest security shows around and there will be lots of cool companies/products.  I will try to get a few pics while attending.

Evan.