Technology Leader in Adaptive Multi-Factor Authentication
SMS PASSCODE A/S
We are a technology leader in adaptive multi-factor authentication software.
We ensure employees can easily and safely access corporate networks and applications remotely.
We provide IT/security managers with a cost-effective and easy-to-maintain offering that secures remote access systems, including Microsoft, Citrix, Cisco and Juniper.
What does it do
» Authenticates users - tries to guarantee that the right person is logging in.
» Authentication
» 2FA
» MFA
» Token
Technology Evolution
Hardware Tokens (80-90’s)
+ Introduction of two-factor auth.
- High cost on tokens
- Distribution & administration cost
- An extra thing to carry
Mobile based solutions (00’s)
+ Real-time multi-factor auth.
+ No hardware distribution
- Deployment of soft tokens / apps
- Regional SMS delivery challenges
Adaptive User Authentication (Now)
+ Contextual intelligence layer
+ Policy-based trusted IPs
+ Multiple OTP options
+ Location aware dispatching
• Always based on SMS
• Always real-time
• Always session based
Two-factor vs. Multi-factor Authentication
» Two-factor Authentication (2FA) is merely:
  » Something you Know
  » Something you Have (Token, Card, Finger, Phone etc.)
» Multi-Factor Authentication (MFA) simply adds more factors:
  » Your Connection (unique session identification)
  » Your Location (Geographically)
  » The Role/Rights you have (Group member, e.g. consultant, employee)
  » A valid Gateway/Point of entry
  » Time of day (doors are open only between e.g. 8am and 10pm) etc.
Basic security:
Protects against 90s threats (key loggers, guessed/cracked/bought/borrowed passwords etc.). Plus, users feel that their identity is protected.
Higher security:
Also protects against more modern threats like advanced malware, session hijacking, phishing, pharming, man-in-the-middle attacks etc.
New flexibility:
Access may now be controlled based on e.g. countries, IP ranges, “trusted locations”, time frames, roles, groups and other factors.
User Perspective
» Simple – To be able to access the systems when
Corporate Perspective
» Security
» Integrity
» Compliance
» Loss Prohibition
» Data Protection
» Etc etc
SMS PASSCODE Perspective
What makes SMS PASSCODE unique?
» Makes Security Hassle-Free and Painless for the User
» Easy for IT to Implement, Manage and Scale
» Prevents Security Breaches with Contextual Intelligence
» Reduces Costs and Improves ROI
» Superior User Experience
Adaptive Authentication
» Assess the current risk profile and determine actions – allow, deny, no challenge, the OTP delivery mechanism
» Trusted location vs. Untrusted location (e.g. allowing users to log in without OTP from a trusted location)
Adaptive Authentication
» The “context” is determined from:
  » Static rules:
    » Geo-IP data, like country and organization of end-user IP
    » Authentication client type
Adaptive Authentication
» Dynamic rule:
  » Category of the end-user – Trusted or not trusted
  » This category also influences the content of the message
Adaptive Authentication
» Do it all without lowering the level of Security
» AND
Adaptive Authentication - Usage
» Allow log-in without OTP, but only from trusted IPs within a specific country (“home country”)
» Deny access from specific geographic regions
» Allow log-in without OTP, when logging in from a specific IP scope (e.g. internal LAN)
» Allow VPN from one & other client access from
SMS PASSCODE – The Must-Have MFA Solution
» Simple and strong deployment with AD integration
  » New users are added to the SMS PASSCODE Users Group(s) in Active Directory
  » Automatically, they receive an e-mail including a link to the self-service website from where they can enter their Token-ID, phone number, personal PIN-code etc.
  » After that, they can log on from home/outside – protected by SMS PASSCODE
  » The admin will never have to add/remove the users from a console/system – just an AD Group. This means almost zero administration even in large organizations since users already fall out of AD when leaving the company.
» Geo Location Awareness – Trusted Home IP
  » After a number of logons (default 3) the IP address is marked “Trusted”, and you can let the user in using only their password, for example only from given countries, only to given applications, and only if the user has the rights (e.g. not management and R&D) and is not on VPN. OWA, for instance, might be MFA protected only outside the user's home country. See later slide…
  » Most systems support this – incl. Cisco VPN, Citrix NetScaler and WI, OWA, Cloud Services etc.
» Location Aware Dispatching
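The rules on the "Adaptive Authentication - Usage" slide and the trusted-IP rule above, sketched as a small policy evaluator. This is an added example, not SMS PASSCODE's code: the names (`Policy`, `AdaptiveAuth`), the country codes, the IP range and the rule ordering are assumptions, and the geo-IP lookup is taken as already done by the caller.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass, field

DENY, CHALLENGE_OTP, ALLOW_NO_OTP = "deny", "challenge_otp", "allow_no_otp"

@dataclass
class Policy:  # all values are constructed for illustration
    home_country: str = "DK"
    denied_countries: frozenset = frozenset({"XX"})  # placeholder country code
    internal_scopes: tuple = (ipaddress.ip_network("10.0.0.0/8"),)
    trust_threshold: int = 3  # the slide's "default 3" logons
    always_mfa_groups: frozenset = frozenset({"Management", "R&D"})
    always_mfa_clients: frozenset = frozenset({"vpn"})

@dataclass
class AdaptiveAuth:
    policy: Policy
    # (user, ip) -> count of logons that passed an OTP challenge
    history: Counter = field(default_factory=Counter)

    def is_trusted(self, user, ip):
        return self.history[(user, ip)] >= self.policy.trust_threshold

    def decide(self, user, groups, ip, country, client):
        """country is the geo-IP result for ip (None for private ranges)."""
        p = self.policy
        addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
        if country in p.denied_countries:
            return DENY
        # Sensitive groups and VPN clients never skip the OTP (assumed ordering)
        if p.always_mfa_groups & set(groups) or client in p.always_mfa_clients:
            return CHALLENGE_OTP
        if any(addr in net for net in p.internal_scopes):
            return ALLOW_NO_OTP
        if country == p.home_country and self.is_trusted(user, ip):
            return ALLOW_NO_OTP
        return CHALLENGE_OTP

    def record_success(self, user, ip, decision):
        # Only OTP-verified logons build trust; password-only logons must not,
        # or a stolen password could promote an attacker's IP to "Trusted".
        if decision == CHALLENGE_OTP:
            self.history[(user, ip)] += 1
```

Evaluating the deny rule first and the always-MFA rule second means a match on the internal LAN or a trusted IP can never widen access for a denied region or a sensitive group.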
Flexible OTP Delivery
User-friendly logon-security to VPN, Citrix, OWA, SharePoint (TMG/UAG), Cloud etc. that offers many options for authentication
» Mobile centered solutions
  » SMS or FlashSMS (on GSM)
  » Secure e-mail (on your phone), after Active Sync Provisioning
  » Voice call (on GSM or e.g. Skype™ on Wi-Fi)
» Tokens – OATH Support
  » Hardware tokens with display or not
  » Software tokens – e.g. Windows or Google Authenticator
All Session specific codes, generated in real time. Best security and best user experience.
Alternative for the users that do not have a (company) phone or want offline (no Wi-Fi) options.
Secure Device Provisioning
» SMS PASSCODE automates authentication for native e-mail client usage
» Works directly with the Allow/Block/Quarantine list in Exchange ActiveSync
» Users can safely self-provision new devices
Advanced Reporting
» Monitor usage and logins (real-time & historic)
» Geo location – mapping the users' logons
» Also failed attempts (potential attack)
» Drill down option
» Trend Lines
» Helpdesk tool as well as analysis
Password Reset Module
» Integrated detection of failed password entered
» Notification/SMS is sent to the user with a link to the password reset site
» The users can change AD password remotely in a simple and secure way
» Advantages of SMS PASSCODE Password Reset Module
  » Users do not need to know about the option – no education
  » Nothing is installed on the user's PC/Device
  » A browser based access to the Password Reset Site gives the users access from their own devices
Platform Diagram
[Diagram labels: Active Sync Provisioning, License Split, Location Aware Dispatch, Adaptive User Authentication]
Matrix for mapping user and application security policies
[Matrix axes: Groups / Applications. Groups: Management, White collars, R&D, External IT Consultant, Blue collars, Externals. Legend: Access w/o MFA in home country, Access w/o MFA Trusted location, No access permitted, World wide access via MFA]
Password Reset Module
» A number of log in attempts with an incorrect AD Password will lock you out – and a message is sent
» By clicking the URL the user is taken to the Password Reset Site
» After being securely authenticated by SMS PASSCODE, the user can reset the AD Password
» BONUS - If a hacker tried to get access he would be denied! And both you and admin would be notified
11:45 am
Your SMS PASSCODE account has been locked out. Please reset your password here:
In Good Hands
“This project has been highly successful. Not only have we realized substantial cost savings, the users have also been very happy about the change”
John Gudmann, Post Nord
“SMS PASSCODE is a great hassle-free product and does exactly what we need it to”
John Owen, IT Manager, Day Group
“We have now regained control of the authentication process. We know exactly who receives access codes, when they use them to log in, and from where”
Peter Warnier, CIO, DEME
274 customers
98% of our customers answer that the solution has delivered the results that they aimed for.
1% yet to realize all expected results. 1% expect to see results in a near future.
How much did you save?
[Chart: categories are Saved more than 50%, Saved 25 – 50%, Saved 5 – 24%, Saved less than 5%; values shown are 24%, 24%, 47%, 6%]