"Hack-Proof" TextKey Turns SMS Authentication on Its Head


Userlevel 7
Badge +54
By Neil J. Rubenking
 


 
 
You've probably encountered one of the website authentication schemes that work by sending a one-time code to your smartphone and having you enter it online. The Mobile Transaction Authentication Numbers (mTANs) used by many banks are one example. Google Authenticator lets you protect your Gmail account in the same way, and various other services—LastPass, for example—support it as well. Unfortunately, the bad guys already know how to subvert this type of authentication. TextKey's SMS authentication is a new approach, one that protects every stage of the authentication process.
 
Full Article
 
Now I like this idea.

15 replies

Userlevel 7
Badge +62
Thanks Jasper I like this also and also very interesting article. 🙂
Userlevel 7
Interesting and important information!
Thanks for posting Jasper 😃
Userlevel 7
I actually don't see the difference between this and what my Bank already uses and has been using for a while now (perhaps they are calling that TFA incorrectly)...unless I am missing something.
Userlevel 1
Hello,
 
I'm the co-founder and CEO of TextPower, makers of the TextKey authentication product featured in the article you are referencung.
 
TextKey works very differently under the hood than other authentication services do but from the user's perspective the simple difference is that you send a text message with the code that appears on the web page instead of entering a code that is texted to you.  
 
There are many reasons why this is vastly more secure than current 2FA methods - I'd be happy to discuss them here but am always concerned about turning a forum into a commercial. If you'd like to continue the discussion here we can do that but if you'd prefer to do it privately we can do that, too.  
 
Alternatively you may be interested in watching me explain the differences on a 7-minute video here:
 
http://www.finovate.com/spring14vid/textpower.html
 
Please let me know how I can help you understand this further and I'll be happy to assist.
Userlevel 7
Hi TextPower
 
Welcome to the Community Forums.
 
Thanks for stopping by and sharing.  I am sure that the members will take the opportunity to understand more.
 
Much appreciated.
 
Regards
 
 
Baldrick
Userlevel 7
Badge +62
Yes TextPower...I as well would be interested. 🙂
Userlevel 7
Badge +54
Hi and welcome to the Webroot Community Scott. I have just watched that video and it is incredibly simple and like you said at the beginning, "how come nobody thought about doing this before."
I think it is a great way of authentication and although the product was only launched in April this year I am sure it will go well for you.
Userlevel 7
Completely agree, Jasper...and am wondering if it may not be something that might go well with WSA in terms of more secure authentication?
 
Just a thought?
Userlevel 7
Thank you for stopping by!  Personally, I appreciate it, as well as your approach in not making a commerical out of things.  Very well done and welcome to the Community.
Userlevel 1
Wow - thank you all for that nice welcome.  I look forward to participating in further discussions. I try to look at things objectively so if anyone has questions about 2FA in general I'll answer them the same way.  Let me know if I can help further.
Userlevel 7
@ wrote:
Wow - thank you all for that nice welcome.  I look forward to participating in further discussions. I try to look at things objectively so if anyone has questions about 2FA in general I'll answer them the same way.  Let me know if I can help further.
Oh, I WILL be asking you when I have the time 🙂 I will leave this to the Mods as to what degree we can all discuss things in open forum or if we should be taking questions/answers to the realm of  PM's.
 
 
Userlevel 7
Hi David
 
I would have thought that it would be OK to discuss 2FA in more detail in the Techie Forum, which is effectively an open forum for technical discussions as I understand  it.
 
What do  you think?
 
Regards
 
 
Baldrick
Userlevel 7
My personal opinion is yes indeeed!  I just wanted to be sure it is OK by the Mods.  :D
Userlevel 7
Badge +62
Hey guys I'm all for it...:)
Userlevel 7
Badge +54
I think it is an excellent idea actually.

Reply