Verizon is enhancing its cloud-based Universal Identity Services (UIS) offering with new features that aim to make it easier for enterprises to benefit from two-factor authentication technologies.
Tracy Hulver, senior identity strategist for Verizon Enterprise Solutions, explained that the UIS update makes the service simpler for users. The UIS can connect with enterprise identity systems, including ActiveDirectory, and provide an additional layer of security with two-factor authentication options.
With two-factor authentication, users need a second factor, which could be a randomly generated password, in order to log into a given site or service.
"Lots of organizations have been struggling with how to properly roll out strong authentication to users and, at the same time, make it a better user experience than just providing a username and password," Hulver told eWEEK. "Making strong authentication difficult means that users won't use the service."
Among the usability improvement in the updated UIS release is the ability to use a Quick Response (QR) Code as a two-factor authentication mechanism. If users type in their usernames and passwords, they get the choice to scan a QR Code with their smartphones, Hulver said.
The idea is that the user's smartphone has been previously authenticated with UIS, so by scanning the QR Code, the user is able to prove his or her identity.
In many two-factor authentication systems today, the second-factor device will generate a random password, which a user will need to transcribe correctly. The QR Code negates the need for any transcription and makes it easier for users, according to Hulver.
Additionally, Hulver explained that since UIS is able to verify that a user employed a PIN to get access to his phone, he can also choose to just scan the QR Code, instead of also needing to enter a username/password.
"There is a binding process that happens with the device prior to the first-time use," Hulver said. "But that's a one-time process to set up."
In addition to the use of QR codes, a one-time password for two-factor authentication can also be sent to the user via email. There is also an option for a one-time password to be sent via an interactive voice response (IVR) phone call, as well.
"So, for example, if your cell phone is dead or you can't find it, you can set up UIS such that if a response is not received within 30 seconds, you can set up the service to dial your home number," Hulver said. "We encourage users to set up multiple second-factor processes so you can have a backup."
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.