PhoneFactor from Positive Networks does this and more. The combination of the product’s functionality, its ease of use and the company’s business model make this a highly innovative multifactor authentication solution.
There are several problems that PhoneFactor solves. The first solution is strong authentication. PhoneFactor lets a user log into a PhoneFactor-protected resource using multifactor authentication.
The second solution is ease of use. The product uses a self-service website to setup users during the authentication process. It could not be easier.
The third tool is Positive Networks’ business model. PhoneFactor is available, bare bones, at no cost. If you want to do other things beyond the simple, free offer there are several very reasonably priced options that considerably extend the value of PhoneFactor.
At its core, the product is a simple authentication mechanism that works based on the notion that the user has a unique telephone number that can be called to solicit a predetermined response. In the free version, a single character on the phone is the only response needed.
When the user attempts to log into a PhoneFactor-protected resource, the PhoneFactor agent causes the pre-programmed phone number to be called. When the phone rings, the user must return the character that authenticates them to the agent, thus opening access to the resource. In this way, the user logs in using normal ID and password (something they know). PhoneFactor dials the user’s phone (something they possess) and the user acknowledges with the correct character (something else the user knows). The user can change phone numbers on a simple self-service website.
There are no software add-ins to the phone and there are no text messages, so any phone will work. While the free version allows as many users as desired, it only works with a single application (such as a web portal or VPN). The commercial version has suites of extra cost options that allow such additional features as more applications, multi-server deployments, additional support for in-house IT administrators and end-users, customized emails and phone greetings, PIN mode, instant fraud alerts, Active Directory synchronization, and a customizable user portal for enrollment and phone changes.
PhoneFactor works with RADIUS, Citrix, many single sign-on applications, most VPNs and many other applications and portals.
Support for PhoneFactor is first rate and has full 24/7 support if you select the enterprise platform version. Special support packages exist for IT administrators and for help desk engineers.
Pricing for premium versions of PhoneFactor starts at $6,500 per year for up to 500 users. This base package contains additional application support, redundancy, customization and gold support for IT administrators. From there you can add additional premium modules starting at $1,000 per year and ranging all the way up to $3,000 per year.
Beyond the obvious advantages of this authentication system is the true out-of-band nature of the authentication. Nothing is being done over the network to which a user is being authenticated. Additionally, most similar systems work much like time-base pass-code generation tokens. These tokens create a one-time pass-code that lasts for up to about a minute after the user correctly enters a PIN into the device.
PhoneFactor generates no such code. The phone simply receives a notification that it is being called by PhoneFactor and the user replies either with a single key or a PIN. There are several advantages to this, most notable being the lack of the need for a screen on the phone. Since many business phones have no screens, any authentication mechanism that uses a phone and generates a code is useless for those phones.