Turn your phone into an Authentication token!

I was turned onto this Authentication Solution recently, and I have to admit after having looked the site over that the possibilities for this type of a solution are extremely high!  Cost of Ownership appears to be significantly lower than a Token Key system (think SecurID), which means Return on Investment will likely be much higher.

Here’s how it works on a pre-configured site:

  • Enter your usual username and password.
  • Instantly, you receive a phone call. Answer and press the pound sign (#).
  • That’s It!

This simple process provides two separate factors of authentication through two separate channels (your computer and your phone service).  So instead of just answering a network challenge by providing your PIN and PASSCODE displayed on your SecurID token, this service will call your cell-phone and then you enter a # into your phone.

Some advertised benefits:

  • Works with any VPN, enterprise application, or website
  • Eliminates the need for tokens
  • Works with any phone anywhere
  • Easy to setup, manage, and use

Pretty cool, huh?   For more details, check out their homepage

Another HSI (High Speed Internet) Router setup

Today I got to work on a new brand of Router currently being distributed to Verizon High Speed Internet (HSI) customers: the ActionTec modem & DSL Router GT704-WG (presumably for “Wireless-G”).

It had a nice browser interface, but a very limited implementation of WPA, in that it only allowed alpha and numeric characters for key-entry.  This goes against the industry standard, which is to allow additional characters (specifically special characters) to be used in key generation.  If the intention is to secure the connection between the client and the access point, then why reduce the effectiveness of that security by limiting the character-set the key is based on?  Sigh…

Security in a Mobile World part-4 Posted

Today I posted the last part of my four part article “Security in a Mobile World”.   This article part, as well as the prior 3 parts, can be found at Mobility Today.

Security on the PocketPC platform is a great deal different than your laptop. Security issues considered minor on the Laptop platform like Physical Access, Application/Data Access, and Theft/Loss Mitigation are more substantial on the PocketPC platform, because the PocketPC is infinitely easier to steal than a laptop. And larger issues on the Laptop like Firewalls, AntiVirus, and AntiSpyware become less predominant because the PocketPC platform offers less of a potential target for hackers. Because there is currently more interest in cracking Windows PC data and applications, the PocketPC platform is relatively safe, but that will change soon enough.

If you would like to read the entire 4th part of this article, click here.

Security in a Mobile World part-3 Posted

Today I posted the third part of my four part article “Security in a Mobile World”.   This article part, the prior 2 parts, and the remaining  part will continue to be published at Mobility Today.

It is a well known fact that most every Laptop user could stand to improve their privacy (and overall security) when utilizing their PC for everyday use. This installment is geared towards getting you started on the right path towards accomplishing this goal.

If you would like to read the entire 3rd part of this article, click here.

Security in a Mobile World part-2 Posted

Today I posted the second part of my four part article “Security in a Mobile World”.   This article part, the prior part, and the remaining 2 parts will continue to be published at Mobility Today.

Public wireless hotspots are, by definition, meant to be public, and so it goes that private hotspots are meant to be private, regardless as to whether or not the hotspot is encrypted to keep unauthorized users out. This is the same as recognizing the difference between a grocery store and a residential home. A grocery store is open to the public, and you can walk through the door and browse among the aisles to your hearts content. Likewise, it is generally understood that it is completely unacceptable for someone to just walk into another person’s home unannounced. It needs to be understood and accepted that a private Wi-Fi LAN is essentially an extension of someone’s personal property.

If you would like to read the entire 2nd part of this article, click here.

Security in a Mobile World part-1 Posted

Today I posted the first part of my four part article “Security in a Mobile World”.   This article part, and the following 3 parts will continue to be published at Mobility Today.

Security is a multilevel concept, in both the mindset and it’s practical application. The mindset refers to keeping the concepts of security at the front of your mind while you go through your daily activities. The practical application is Security itself. For now, I will only attempt to touch on the important levels (under the heading of Practical Application) that Mobile Users need to consider in today’s environments. Later I will touch on the mindset aspect of Security.

If you would like to read the entire 1st part of this article, click here.