Scott Goldman, CEO of TextPower (www.textpower.com), says:
Web site security is critically important to enterprises, financial institutions and e-commerce sites. But until recently the only way to secure web sites has been through a standard user ID and password combined with a “security token.” This token is most commonly a separate device that generates a random number which must be entered into a blank field on the web page after the host approves the ID and password as authentic. But these company’s token systems have been compromised and, moreover, users resist having to carry yet another device with them. They are living proof of the security industry’s truism, “In the battle of security vs. convenience, convenience always wins.”
Cell phones have already replaced calculators, cameras, navigation systems and boarding passes. As experts in the field of wireless communications we asked ourselves how to use these ubiquitous devices to replace these nearly-ancient “tokens” and make the process even more convenient. We did it by turning the cell phone security model upside down. Our multi-award winning and patent-pending TextKey™ solution is cloud-based and thus easier to implement and less expensive to deploy than other systems. Businesses of any size that must protect their web sites and VPNs from intrusion now have a solution that equals – or betters – the solution that Fortune 500 companies are using.
Most importantly, though, TextKey™ is more secure than other solutions. Unlike other systems that leave an unprotected data entry field open for hacking during the authentication process, TextKey™ generates a one-time password (OTP) which is displayed in plain view following the successful entry of an ID and password. That OTP must then be sent via a standard text message (SMS) to our authentication cloud from the cell phone preregistered as the device associated with that ID and password. Any type of cell phone will work – smartphones or “apps” are not required. TextKey™ uses the unique device identifier (UDID), the “fingerprint” of that cell phone, to confirm the authenticity of the code.
Only the correct OTP sent from the correct phone receives an authentication from TextKey™. If the correct code is sent from any other phone, including a phone that has been “spoofed” to emulate the mobile number of the authentic user, access is denied. In the event that someone attempts to violate the authentication process by sending the TextKey™ from a phone that is not preregistered as associated with that ID and password the TextKey™ system captures the phone number of the attempted hacker, making it possible to assist the authorities in tracking the attempted violator.
It’s essential for any growing business to seek a solution that’s affordable and scalable. TextKey™ offers a highly secure, inexpensive security solution that is scalable from 10 users to 10 million users, requires no hardware or software at the host’s server and can be implemented in under a day. All data needs protection. Now all companies can have it.