Twitter does away with passwords – but at what price?SecurEnvoy 17/11/2014 Industry News
The Twitter microblogging service recently declared war on passwords. Rather than having to remember dozens of different passwords, users can now authenticate themselves via the “Digits” service (a social sign-in) when using an app. They have to supply their mobile phone numbers for this purpose. In order to log into Twitter or other sites, users receive a code via SMS, which is then entered as proof of identity and allows access. Sounds convenient – but what happens if mobile phone reception is disrupted or not available?
Logging in would be impossible in such cases, as the second factor – the code – would not be available and access would therefore be denied. Users may well become disgruntled if, due to the lack of a signal or a delay in SMS transmission, they receive codes late or not at all.
However, this shift away from protection using solely passwords to combined authentication methods at least shows that awareness of the need for better security is increasing. More and more online services are giving their users the opportunity to confirm their identities by means of two-factor authentication, thus reducing the risk of attacks by hackers.
Using the preload approach to circumvent delays
SecurEnvoy provides tokenless two-factor authentication solutions that are perfect for use in businesses or government agencies. The solutions work in a similar way to Digits, but are more reliable. Instead of a dedicated token, users just need a mobile device such as a smartphone in order to receive the passcode via SMS, which is then entered together with personal login details. Extra reliability is provided by SecurEnvoy in the form of preloaded codes, which means that when a code is used, it automatically expires and is immediately replaced by a new one. There is thus no risk of having to endure a period of waiting when it is time for the next login. This way costumers can enjoy the benefits of the patented preloading technology developed by SecurEnvoy – by the way also the inventor of SMS authentication, first done 15 years ago.