Web site security is critically important to enterprises, financial institutions and e-commerce sites. Until recently the only ability to secure web sites has been through a standard user ID and password combined with a “security token” in the form of a separate device that generates a random number which must be entered after the web site approves the ID and password as authentic.
This method is, by definition, problematic for users and IT departments that must implement it. It is complex, expensive to deploy, cumbersome to maintain and inconvenient for participants to use. A more effective, convenient and inexpensive method is necessary to make security available to a broader segment websites.
TextKey™ is a patent-pending simplified two-factor authentication system that employs a reversal of the common text messaging authentication process. The resulting service is a higher degree of security and easier implementation at a lower cost than any other two-factor authentication product on the market.
In the TextKey™ process a unique authentication code is displayed on a login screen following the successful entry of an ID and password. That unique code must then be sent via standard SMS to the TextKey™ processing facility from the cell phone preregistered as the device associated with that ID and password. Any type of cell phone will work – no smartphones or “app” is required.
If the correct TextKey™ code is sent from the preregistered phone access is granted. If the correct code is sent from ANY other phone, including a phone that has been “cloned” to “spoof” the correct phone, access is denied. If the incorrect code is sent from any phone access is denied. In the event that someone attempts to violate the authentication process by sending the TextKey™ from a phone that is not preregistered to that ID and password the TextKey™ system captures the phone number of the attempted hacker, making it possible to assist the authorities in tracking the attempted violator.
TextKey™ is an unique technology in that, it utilizes the “fingerprint” of a cell phone, otherwise known as the Unique Device Identification (UDID) to validate the authenticity of the sending device.
TextKey™ differs from currently available solutions in three fundamental ways:
- No third-party device such as a security token or “key fob” is required. Because TextKey™ utilizes the existing cell phone of the user wanting to log into a secure web site it is vastly more convenient. No additional devices must be remembered, carried or used. Similarly, companies that deploy the TextKey™ solution do not need to maintain an inventory of devices, track devices in the field or deal with inoperable, lost or forgotten devices.
- The TextKey™ solution is more secure than any other two-factor authentication (2FA) methodology. This is because only a single device in the entire world has the unique device ID of the cell phone associated with the user ID and password required for secure login and because no fill-in-the-blank field is left open on the web site. The entire verification process occurs through the TextKey™ cloud-based validation system between the user’s cell phone and our system, thus eliminating the computer, browser or malware as a possible point of intrusion.
- The TextKey™ solution is a zero-footprint, immediate deployment solution for web sites wanting to secure entry. As the entire process is based on standard mobile-originated SMS messages and is cloud-based no software is required at the web site or on the user’s cell phone. A small block of code (available as a free plug-in as part of the TextKey™ solution) inserted onto the web site’s login page is all that is required to deploy the solution.
TextKey™ therefore is more convenient for the user, simpler to deploy for the web site developer and lower cost for all parts of the process chain.