GlobalSCAPE, Inc. has announced that it has formed a strategic technology alliance with SMS PASSCODE, a technology leader in adaptive multi-factor authentication. SMS PASSCODE’s multi-factor authentication platform now integrates with Globalscape’s secure managed file transfer solution, Enhanced File TransferTM (EFTTM).
The importance of stepping up user authentication
A username and password are no longer enough to authenticate the identity of employees accessing corporate networks and data. Research indicates that weak or stolen user credentials are the preferred weapons used by cybercriminals, and are behind approximately 76 percent of all network intrusions.
Traditional two-factor authentication requires something the user knows (usually a password) and something the user has (like a token, fingerprint or mobile phone). In the past, companies distributed hardware tokens to their employees to help validate their identity when logging in; however, over time, these types of solutions have proved cumbersome and expensive for IT to manage effectively, while offering little convenience for end-users.
SMS PASSCODE offers a balance between strong security and high user convenience, with features that include:
- Leveraging the one thing users always carry with them – their mobile phone – and provides a superior user experience by taking full advantage of contextual information such as time, geo-location, and type of login system being accessed.
- Intelligent authentication that sees whether users are logging in from trusted locations like home or the office, versus an airport lounge with public Wi-Fi (for example), and conveniently delivers the appropriate level of security for the users.
How SMS PASSCODE works with EFT
Globalscape EFT includes multi-factor authentication through the SMS PASSCODE platform. On a local or LDAP-authenticated site, the administrator can configure EFT to connect to SMS PASSCODE to deliver a one-time use passcode via text message (SMS), a voice call, through email, or via an app to the user’s mobile phone as part of the login process for HTTP, HTTPS or SFTP transfers. Codes are generated in real time when the user enters a correct username and password, and the codes are locked to the session ID of the device used to log in from for added security. Following the successful entry of the SMS code, the user has full access to their files and folders. Any user account that is configured to use SMS authentication must supply the correct user name, password and unique one-time passcode delivered to their mobile phone in order to log in.