Two-factor authentication using SMS messages sent to cellphones
Two-factor authentication makes your
corporate IT environment safer and more reliable. It helps to handle corporate
passwords in a secure way so authentication will only be available to
authenticated people. Two factor authentication means that during login the
user has to provide two secure information: his password, and a one time code he
receives in SMS to his mobile phone. Two factor authentication can be used to
improve login security or to sign critical transactions, such as wire transfer
instructions in banks. It is usually implemented with Ozeki NG SMS Gateway. This
article explains the benefits, the possible fields of applications of two factor
authentication and gives you introduction on how to implement it.
Fields of applications
In a complex corporate IT environment
passwords are very often the only possible means of protection against
unauthenticated intruders. To ensure security of corporate networks is a never
ending tasks of system administrators. That is why passwords are widely used to
prevent frauds and system cracks. But very often static passwords are not enough
and extra security is needed. As these static passwords are easy to guess and
employees, customers, business partners write them down, send them in e-mails,
they become ineffective. In case of companies where high security is essential,
two-factor authentication can be implemented to improve security and to protect
their corporate network.
Figure 1 - Use a one time password sent in SMS
The best solution for such problems is the implementation of a
two-factor authentication system by using a powerful
SMS gateway software to deliver the SMS messages containing the one time
passwords (OTP) to mobile devices. To be able
to setup this solution, you need an application, which supports this
authentication method. Then you need to configure it to
generate a one-time password for the users during the login process and to
send this password to their cellphones. In more detail the procedure works
the following way:
Step 1: The user provides his login name and password (first phase)
Step 2: If the user has completed first phase authentication, his mobile
telephone number is looked up from a database (or active directory).
Step 3: A one time password is generated and is sent to his mobile phone
Step 4: The user enters the one time password to complete the authentication
The one time password can contain
numbers and random characters and they are changed at each login. The one time
password will not be delivered through the computer network, so it will be
harder for an intruder to intercept it. As they are changed constantly people
cannot write them down. Furthermore, if someone get your password it cannot be
used the next time it is needed as it expires automatically after some time.
All in all, a two-factor password is harder to guess and intercept.
Ozeki offers an SMS gateway software that can be used to delivery the one time
password to the mobile phone of the user. The name of this software is called
Ozeki NG SMS Gateway. It can be used effectively in this
authentication process, because it can send the SMS message containing the
one time password through a GSM phone or
GSM modem attached to the computer with a data cable (or it can send it through
the Internet to an SMS service provider). Detailed step by step instructions
demonstrating this solution are provided for the following systems:
These systems have built in support for two-factor
authentication method. They are able to generate and process a one-time password.
After generating the one time password, they
forward it to Ozeki NG SMS Gateway which will process it. Finally the SMS
gateway software sends this generated password to a given mobile phone or even
two mobile phones. This process is very simple but at the same time it is very
efficient. Your passwords are only sent to pre-defined mobile devices
therefore unauthenticated intruders cannot get them. If a one-time password is
failed to use then it expires automatically so after a short period of time it
cannot be used to log into your corporate network. If you decide to implement
this effective solution you will gain a well-functioning and reliable system
which ensures security of your corporate IT environment.
Wireless mobile connection vs IP SMS connection
For two factor authentication systems you have two choices to deliver your
SMS messages to the mobile network. You can use a GSM phone or GSM modem
attached to your server computer with a data cable or you can send the SMS
messages through an Internet based SMS service provider. If you use a GSM phone
or GSM modem, your SMS messages will be sent through the airwaves, if you use an
Internet based SMS service provider the SMS messages will be sent through the
Internet to the short message service center (SMSC) of the mobile network
operator. The first option (sending SMS messages with a GSM phone or GSM modem) is
usually more secure. It is significantly harder to capture and decipher an SMS
message traveling through the air, then it is to capture internet traffic. We
recommend you to setup a GSM modem connection to
the mobile network. The second solution is necessary if you have high
volume of SMS messages. If you send your one time passwords over the Internet,
to an SMS service provider, make sure to setup a VPN channel between your Ozeki
NG SMS Gateway installation and the Short Message Service Center of the Internet
SMS service provider.
Benefits
SMS functionality provided by Ozeki NG SMS Gateway helps
handle your corporate passwords in a secure way. Thanks to SMS technology
passwords only will be sent to authenticated people so unauthorized people
cannot gain access to your system. Or if a password have been stolen
it is not likely that the thief can steal the corresponding mobile phone at the
same time. If a mobile phone has been stolen with a one-time password in it,
there is still no problem as these passwords can be used only once and expire
automatically after some short time if they are not used. With the implementation
of this solution you can improve your corporate security.
Conclusion for two-factor authentication
By combining Ozeki NG SMS Gateway with a two-factor
authentication method your system will be protected from intruders while you,
your employees, customers, or partners can access anytime and anywhere with the
highest security. SMS functionality ensures that only the intended person
receives your password, and a new password will be generated and sent via SMS at
each login. With this solution you will get a secure, reliable corporate IT
system.
If you are interested in this solution, let us know, so we can send you
more relevant information and quotation with prices. Please fill in the
following form: