PhoneFactor Extended Edition
Strengths: Easy-to-deploy, hosted-style offering for management and reporting.
Weaknesses: Reporting and audit/logging are limited.
Verdict: Good offering for what it’s designed to do. Not sure how well it would scale for a large enterprise.
Summary: PhoneFactor Extended Edition v2.7 works by using a phone as a second factor of authentication, something you have. There is no software for end-users to install.
PhoneFactor uses any phone (mobile or landline) as a second factor of authentication. The user simply logs in as they normally would, their phone rings, and they press # or enter a PIN on the phone to complete the login. This convenient process takes only seconds. PhoneFactor's completely out-of-band solution offers protection against man-in-the-middle attacks and keystroke logging. It also offers advanced security features like real-time fraud alerts and transaction-level verification.
With PhoneFactor, there is no hardware to buy, configure or support. The user already possesses and maintains the necessary device - their phone. It integrates with Active Directory and LDAP, so initial user setup is extremely efficient for IT. It also incorporates user self-service tools for features like user self-enrollment and the ability to change user preferences, so ongoing IT support is minimal.
The solution can be used to add a second factor of authentication to a VPN, remote desktop protocol (RDP), websites and Outlook Web Access (OWA). We tested web authentication and RDP in our lab. The solution worked as advertised. When we performed our normal login sequence and entered our username and password, PhoneFactor called the phone we had programmed and required us to press # to complete the login.
We did not test the VPN solution, but PhoneFactor does support VPN integration. The PhoneFactor Agent inserts itself between a RADIUS client and a RADIUS server. It serves as a RADIUS proxy, accepting requests from RADIUS clients, forwarding them to a target RADIUS server, adding PhoneFactor authentication, and sending a response back to the RADIUS client. The entire authentication succeeds only if both the authentication to the RADIUS server and the PhoneFactor authentication succeed.
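The both-must-succeed rule of a RADIUS proxy like the one described above can be sketched as follows; this is an added example, not PhoneFactor's code. It validates the target server's reply with the RFC 2865 Response Authenticator, fails closed on anything else, and signs its own answer for the client. The function names, the separate client-side and upstream shared secrets, and the phone result arriving as a boolean are assumptions.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT, ACCESS_REJECT = 2, 3  # RADIUS packet codes (RFC 2865)

def _auth(code, ident, attrs, req_auth, secret):
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    hdr = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(hdr + req_auth + attrs + secret).digest()

def build_reply(code, ident, req_auth, secret, attrs=b""):
    hdr = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hdr + _auth(code, ident, attrs, req_auth, secret) + attrs

def primary_accepted(reply, ident, req_auth, secret):
    """True only for a correctly signed Access-Accept that answers our request."""
    if not reply or len(reply) < 20:
        return False  # timeout or truncated packet: fail closed
    code, rid, length = struct.unpack("!BBH", reply[:4])
    if rid != ident or length != len(reply):
        return False
    good = hmac.compare_digest(_auth(code, rid, reply[20:], req_auth, secret), reply[4:20])
    return good and code == ACCESS_ACCEPT

def proxy_reply(ident, client_req_auth, client_secret, primary_ok, phone_ok):
    """Accept only when both factors succeeded; sign with the client-side secret."""
    code = ACCESS_ACCEPT if (primary_ok is True and phone_ok is True) else ACCESS_REJECT
    return build_reply(code, ident, client_req_auth, client_secret)

def demo():
    # Constructed sample values, not taken from any real deployment.
    up_secret, cl_secret = b"constructed-upstream", b"constructed-client"
    up_ra, cl_ra = bytes(range(16)), bytes(range(16, 32))
    accept = build_reply(ACCESS_ACCEPT, 7, up_ra, up_secret)
    reject = build_reply(ACCESS_REJECT, 7, up_ra, up_secret)
    forged = build_reply(ACCESS_ACCEPT, 7, up_ra, b"wrong-secret")
    cases = [(accept, True), (accept, False), (reject, True), (forged, True), (None, True)]
    return [proxy_reply(7, cl_ra, cl_secret,
                        primary_accepted(r, 7, up_ra, up_secret), phone)[0]
            for r, phone in cases]

if __name__ == "__main__":
    print(demo())
```

Only the first constructed case, a validly signed Access-Accept plus a confirmed phone call, yields an Access-Accept to the client; a declined call, an upstream reject, a reply signed with the wrong secret, and a timeout all produce Access-Reject.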