Tokenless authentication just got easier with one time QR codesSESadmin 07/02/2014 Archive
SecurEnvoy has updated its Server Engine and released version 7.2. A key part of this version is its patent pending “One Swipe” technology, with which users can authenticate themselves with a simple to use one time QR code and authenticates them even if they have no mobile phone reception and no Internet connection. The user’s mobile phone displays a single-use QR code which the user simply photographs via a webcam.
The latest version allows a “One Swipe” registration button to be integrated into any HTML-based login screen.
The server engine forms the core of all SecurEnvoy solutions that are based on the principle of tokenless two-factor authentication. This approach makes additional hardware tokens and the like superfluous. Instead, users make use of their smartphones, tablets or laptops for this purpose: in order to login, a user requires personal login details as well as a passcode that is dynamically generated by the server engine. The latter is sent by a text message, e-mail, soft token app or voice call. This method forms the basis for the SecurEnvoy range of products, which includes SecurAccess for secure remote access, SecurPassword for password resetting, SecurICE for authentication in case of emergencies and SecurMail for secure e-mail transmission.
QR code used to confirm identity
With “One Swipe”, SecurEnvoy have revolutionised the login experience and make it easier to use than a password with all the added security of two factor authentication, even when they have no mobile phone reception and no Internet connection. In such cases, a user can simply enter a PIN into a soft token app, after which the device generates a single-use QR code. This is then photographed by the user with a webcam on a PC, tablet or laptop, thereby confirming the identity of the user.
New colour scheme
Version 7.2 has also gone to the next level in terms of ease of use. This is underlined by its improved performance and the option to change the colour of the graphical user interface (GUI). In this context, the IT team has the choice of using the traditional black background or the new default white colour scheme, which gives improved contrast. In order to provide increased security, the experts have also improved the IIS agent with regard to the detection of incorrect URLs. The agent is only required if the administrator installs SecurAccess and has to directly authenticate an application running on a Microsoft Internet Information Services (IIS) web server.