Use your Mobile Phone as a Security Token

by Abhinna Shreshtha    Oct 06, 2008

Ever thought of using your mobile phone as a security token? It is not a use that many of us would ever consider using our phone for, but next generation two-factor authentication tools see the mobile phone as better substitute to traditional hardware tokens.

This is how it works - the password is sent via a secure SMS to the mobile phone of the user. Depending on the company’s specification the password has a fixed validity after which it becomes void. The SMS is sent via signaling channels, making it more secure.

Recently, Lancers e-Risk Solutions tied-up with US-based SecurEnvoy to bring mobile phone-based, two-factor authentication solutions to India. Nitin Kathuria, director (operations and strategy) of Lancers e-Risk Solutions said that the mobile-based system is better than hardware tokens on three points - it is easier to use and gives more flexibility to users, it is as secure as traditional tokens and has the added advantage of alerting users in case of bad log-ins, and it is also a more cost-effective solution for enterprises. “It is easier for a person to lose or forget a hardware coupon than his mobile phone. Even if the mobile phone is lost, it is simple to notify the administrator and block the account till a new number is assigned to the user.”

On being asked whether he sees tokenless, mobile-based platforms becoming more popular than the traditional security tokens, Kathuria said that tokens have not evolved much in the 10 -15 years they have been used. Next-generation platforms like mobile-based ones give more flexibility to users and enterprises alike while reducing costs and being easy to use. Kathuria said, “This system is compatible with CDMA or GSM phones. It is platform and network independent. Additional services like sending the SMS to landline (if possible) or an e-mail can also be provided if required.”

At present, Lancers is running trial of this solution in some banks and telecom organizations. Kathuria expects the biggest markets to be BFSI, telecom, IT/ITeS. Pharmacy is another market that is expected to show a lot of interest in such next-generation security solutions, according to Kathuria.

Related links:
Mobile Platform to Increase Synchronization