Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Latest News
    • Reviews

    Free 2-Factor Authentication Is Calling

    By
    Jim Rapoza
    -
    September 7, 2007
    Share
    Facebook
    Twitter
    Linkedin

      PhoneFactorPretty much everyone in the security world agrees that two-factor authentication is the way to go when it comes to protecting access to corporate resources such as VPNs, Web mail, and sensitive Web applications and data. Basing access on something a user knows (such as a user name and password) and something the user has (such as a fingerprint) provides much higher security than any system that relies on the very weak security of the one-factor standard of user names and passwords.

      However, the problem is that while everyone agrees that two-factor authentication is more secure, many businesses, especially smaller ones, struggle with the cost and complexity of maintaining standard two-factor systems that rely on smart cards, tokens or biometrics.

      Attempting to solve both the problems of cost and complexity is a new service called PhoneFactor. The cost solution is very simple in that the base PhoneFactor service is free. And PhoneFactor addresses the complexity issue by not relying on biometrics, tokens or smart-card systems that require special hardware and can be time-consuming to manage.

      PhoneFactor AgentInstead, the second factor that PhoneFactor uses is, not surprisingly, the telephone. Using the PhoneFactor service, businesses can add two-factor security to VPNs, Web applications or any system that supports RADIUS with very little upfront work and without having to provide any special hardware to users. And in my tests PhoneFactor worked so well and so easily that I am awarding it an eWEEK Labs Analyst’s Choice.

      To test PhoneFactor, I set up an account for eWEEK Labs and downloaded the PhoneFactor Windows agent application. Upon launching, the program asked what I wanted to secure (VPN, Citrix Web Interface, Outlook Web Access, Web site or other) and after choosing Web site I was quickly up and running. From the agent’s Window console I could pull users from my Active Directory or enter users manually. After adding the users, I simply entered a phone number for each user and then enabled them for PhoneFactor authentication.

      When a user accessed the application I had protected with PhoneFactor, he or she first entered a user name and password. PhoneFactor then called the user’s phone and prompted the user to hit the pound button to complete authentication. Once this was completed the user had access to the application.

      I was very impressed with how simple and elegant this solution proved to be. Along with the Windows agent console, PhoneFactor also provides a Web-based management console (of course protected by PhoneFactor).

      When compared to managing a traditional hardware or biometric-based solution, the PhoneFactor service really makes sense. Since no special reader hardware is required, users can access applications from any system. Also, if a user loses the phone, it’s a simple matter to change the number in that account, which is much easier than having to send out a new token or smart card.

      PhoneFactor WebWhile the PhoneFactor agent is Windows only, PhoneFactor does provide several SDKs for installing the service on Linux and Unix systems. These aren’t as simple as the agent and require some system tweaking to get working. Also, the readme files and samples weren’t that in-depth, meaning many businesses may seek support when installing the SDKs.

      And support is one of the areas where PhoneFactor’s maker, VPN solution provider Positive Networks, hopes to make money from this service. Businesses needing support will have to pay for that service. Other capabilities that aren’t provided as part of the free service but can be upgraded to for a fee include customizing the message on the authentication phone call and more advanced management and integration options.

      Given the ease of implementation and the simplicity of the solution itself, I think any business that is at all interested in the improved security that two-factor authentication provides should definitely test out the free PhoneFactor service. For more information and to download the agent, go to www.phonefactor.net.

      Jim Rapoza
      Jim Rapoza, Chief Technology Analyst, eWEEK.For nearly fifteen years, Jim Rapoza has evaluated products and technologies in almost every technology category for eWEEK. Mr Rapoza's current technology focus is on all categories of emerging information technology though he continues to focus on core technology areas that include: content management systems, portal applications, Web publishing tools and security. Mr. Rapoza has coordinated several evaluations at enterprise organizations, including USA Today and The Prudential, to measure the capability of products and services under real-world conditions and against real-world criteria. Jim Rapoza's award-winning weekly column, Tech Directions, delves into all areas of technologies and the challenges of managing and deploying technology today.

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×