Here is an interview I did with David Hald founder and CEO of SMSPasscode, to catch up on the two-factor authentication scene and why security actually matters.
Why two-factor authentication and why SMS PASSCODE?
Most organizations have been exposed to unauthorized access attempts either by local “casual for fun” IT hackers or professionals residing in remote countries with little or no enforcement. Many have also been compromised with or without knowing it. Today, you can find cook-books on youtube on how to gain access to systems and you can even download hoards of utilities to automate it. The result is that even a less gifted college drop-out at the local dorm can pose a significant risk to any corporation. How do they find your door? Well, try and go to www.google.com and search on the “Citrix Login” keyword and you will find 3 hits just on the first page!
However, the more advanced threats are really taking off. Take an example that is fairly hot these days – then new Zeus malware has been designed specifically to compromise traditional tokens by “phishing” the code in real-time and send it via instant message to the hacker. This has put the trusted token under pressure and it is time to look at a new generation of identity theft protection.
What SMS PASSCODE represents, is a new and innovative internationally recognized solution that enables organizations and companies to easily protect employee remote access to corporate systems (Citrix, Microsoft icl. OWA, Virtual Desktops VPN, SSL VPN etc.) with two-factor authentication via SMS. In short, the solution first validates the user name and password before creating and sending a one-time-password only valid for that login attempt or in other words that particular login session. Because it can only be generated this way and only works for that login on that computer, it is secure against these modern threats.
So it is the increasing security concerns that drive it?
While the security is best with SMS PASSCODE, and it matters a lot to them, many clients opt for SMS PASSCODE or a mobile phone SMS based solution as much to avoid the hassle of administering and distributing physical hardware such as tokens as it is the security. So while we talk a lot about security, what it boils down to is the fact we have a more secure solution but that is much easier to implement and administer. And then it is views as smarter by the users which mean the users welcome this new concept, which embrace it and thus work more frequently accessing their work systems remotely increasing productivity.
Do you cover the systems needed or are you limited?
Nobody covers every system out there, but we think we are more or less among the vendors with the broadest “client portfolio”. We support all the various VPN and SSL VPN systems, most Microsoft systems such as Windows Logon, Terminal Services, OWA and TMG and then we also support most Citrix Systems such as CAGs, Web Inteface etc. We are actually the company behind the SMS Authentication option in the Citrix Receiver for iPhone and has been named a Citrix Ready Solution of the Year Finalist for that. We were next to vendors like HP .. how wild is that!
On version 4, our latest release, we actually were the clear technology leader and the only vendor that can offer sms based two-factor authentication to all the leading vendors being Microsoft, Citrix and VMware VDI access technologies. The technology lead is also visible in the awards we have gotten such as a Top 5 innovatorer by Secure Computing Magazine, Best Multi-factor authentication by the InfoSecurity Product Guide, a Citrix Ready Solution of the Year Finalists and most recently a White Bull Top 60 IT companies in EMEA award.
You do not reference mobile much?
That is not because I do not want to talk about it. As you might know, we are already working with the Citrix Receiver and the Cisco VPN clients on the iPhone. We have released our own Citrix Receiver companion app for the iPad Receiver and we have validated our solution working on the Andriod phones. So we have a lot to talk about but for now, look at our blog for the Apple platforms and stay tuned on the Android.
Anybody can try the SMS PASSCODE solution live on their own phone at demo.smspasscode.com site.