HOTP and TOTP algorithms are the technological backbone of a wide variety of tokens used as a second authentication factor, and they are very effective at creating unpredictable one-time passwords. The versatility of these algorithms has allowed hardware-based tokens to be replaced by software-based tokens, significantly reducing manufacturing and distribution costs in the process. The massive adoption of mobile devices has greatly expanded the use of software tokens such as Google Authenticator among the general public.
Mobile tokens are often necessary as a second factor, but it’s important to understand that the use of mobile tokens alone cannot effectively keep sensitive information secure. This article explores the necessity of mobile tokens and how combining them with other fraud protection solutions can decrease the likelihood of sensitive information ending up in the wrong hands.
Tokens have clearly evolved, but their basic function has not changed. Banks and other organizations still rely on this technology due to its proven efficiency. Tokens were first conceived as an external mechanism to be used at the time a transaction is performed. Since they originally were hardware-based, their seed and algorithm were “burned” onto the device’s physical components. But now, due to the popularity of mobile technology, seeds and algorithms must be stored programmatically in the device’s memory. Adding strong malware protection ensures that this approach is kept secure, like the original physical approach.
Without adequate malware protection, criminals could potentially gain access to data stored on devices. These devices need to be protected to ensure the overall environment is also protected. Deploying a strong defense against malware, alongside one-time passwords, allows the user to still benefit from effective authentication, while not having to worry about the environment itself.
To successfully deploy authentication methods within mobile devices, solutions that provide malware app detection and prevent use of jailbroken devices need to be utilized in addition to authentication methods that only mobile devices can offer. Push authentication is one such method, which ensures only the end user’s device can authenticate banking operations through a simple tap of the screen.
This solution provides a fast, convenient and safe authentication method since communication integrity is ensured thanks to encryption mechanisms and a double identifier that allows user recognition beyond a shadow of a doubt. In addition, it permits QR-code authentication, which employs the device’s camera to read QR codes generated by the financial entity.
Token authentication mechanisms, deployed with strong malware protection, provide users with a safe browsing experience, and as time moves forward, can be augmented with new advancements in mobile technology to protect against future threats or vulnerabilities.