Xura recently announced that it would partner with SMS PASSCODE to develop an easy-to-use, multi-factor authentication mechanism. The solution is a much better alternative to the traditional password or hardware tokens.
Wakefield, Massachusetts-based Xura provides a digital communications suite for mobile operators that supports messaging and offers network signaling and messaging security. It also offers monetization, and other solutions designed for enterprise environments.
SMS PASSCODE is a Copenhagen-based company that offers multi-factor authentication solutions as alternatives to passwords, which can easily be phished, or hardware tokens, which become unwieldy to manage and can also be hacked.
A person logging into an SMS PASSCODE-protected system will be authenticated differently if accessing the network under different circumstances. According to a company-issued video, a user accessing an SMS-secured network will have a number of different factors analyzed and evaluated.
It might consider the user’s location, time of day, or information that uniquely identifies their device. What’s great about using device information as part of the login process is that even if hackers were to steal a password, it would not give them access to a system if they logged in from an untrusted device.
It’s possible that a user could be authenticated and granted access without having entered a password. If that person were to login from a trusted device and location, and the time of day was considered valid, SMS PASSCODE security may well determine that such information was sufficient to authenticate the user, and that person could access the network without providing a password.
On the other hand, if every aspect of that hypothetical situation was the same, except the location from which user logs in is different; a password may be required in order for access to be granted. This might happen if the user logged in from a Wi-Fi system in a public place like a coffee house.
Xura adds to SMS PASSCODE’s security by adding its trustego app to the mix. One of the more interesting features of trustego is that it supports the use of validity periods for messages. If a message is not saved within the pre-defined validity period, trustego erases it. This is a great feature if someone leaves a potentially sensitive message up on their computer, then steps away from their desk without saving the message. With the combined trustego-SMS PASSCODE solution, users can also receive PIN codes used to protect data.
Trustego can also detect ‘jailbroken’ iPhones and Android phones that have been ‘rooted’. For those who are not familiar with these terms, such phones have basically been hacked by their owners at the operating system level. This allows the owners to change phone functionality that they would not be able to otherwise. It also gives malware an opening that would not be available otherwise and creates a security nightmare for IT departments.
Xura and SMS PASSCODE have combined efforts on a solution that should give businesses better security without being too cumbersome to use. Whether or not it’s a hot item is a matter for the market to decide, but you have to give them credit for developing a better alternative to passwords.
IT admins can tell their users to create better passwords than ‘password’ or ‘abc123’ until they have facial cyanosis, but that does not acknowledge the fact that even the best passwords can still be hacked. By themselves, passwords offer limited protection and are inadequate for protecting sensitive enterprise data.
Edited by
Kyle Piscioniere 
QUICK LINKS 
