My company has just started using a service called PhoneFactor - basically it turns your phone, in this case my blackberry into a security token. I was wondering if anyone else had experience using phones as the '2nd factor' in a 2-factor authentication system?
I have done that via USB with other phones. All it does is put a file on the phone that the security software reads and then changes for next time. That's very basic but you get the idea. Phones are better then usb phobs since most people won't lose it as easy. BB would be better too if the pin is used since I know IMEI can be facked. I would explain the IMEI thing but for NDA.
What do you do for work that you need such security?
Posted from my CrackBerry at wapforums.crackberry.com
Being in the IT security field, I've worked with this before.
A lot of companies use 2 factor authentication to have users log in remotely into their corporate networks using a token key such as those from RSA.
They've long developped software tokens that you install on your blackberry.
The obvious advantage is to have less stuff to carry around...nothign new here but the rate of adoption is not very high as hardware tokens still dominate the market.
As more and more of these get to their end of life (typically 5 years), they will be replaced by software tokens as nowadays, more and more people will have smartphones such as blackberries, which weren't as widespread 5 years ago as they are today
Nope, it's easier than that. With PhoneFactor every time you access a PhoneFactor protected gateway you receive a call on your phone, press one button and your in.
A lot faster than having to plug in your phone every time, what if you don't have a usb enabled phone, what if you want to use a landline to secure you login?
