Chicago (IL) - VeriSign has teamed up with Apple to provide a second-factor authentication (2FA) token generator application for the iPhone. For those interested in maximizing their online security against fraud and theft, using a second-factor code, one which changes every 30 seconds, could be the best way to go. And now with VeriSign's iPhone app, you won't need to carry around a separate token or card. The iPhone becomes a one-stop shop for online 2FA security. In this article we explain the technology, and show you how to use it.
Even when armed with extended validation certificates, patched browsers and a deep knowledge of online security, many users still feel uneasy when logging into their PayPal or eBay account. And who could blame them? Sites like these hold very sensitive financial information, a target fraudsters could use to empty out bank accounts. The best thing you can do in order to better protect yourself online is to opt in to the so-called second-factor authentication on sites which support the technology. This requires you to order security tokens or a card from one of the trusted security providers, and then have it with you pretty much all of your online time -- what an annoyance. What if you could turn your iPhone, something that's always there in your pocket, into a token?
Online security is like safer sex: While aware of the risks, you can never be safe enough. And even if you "forget" your protection one time, that could be all it takes to become compromised. When it comes to your online and Internet life, a simple name and password in most cases is your only defense against fraudsters -- and an extremely weak one at that, might I add. Just ask Governor Sarah Palin or France's president Nicolas Sarkozy, whose email account hacks have been front page news. But you don't hear very often of fraudsters getting the details to one's bank account, thanks to the so-called two-factor authentication (2FA).
What is 2FA?
Two-factor authentication adds a new, much stronger security layer by combining something you know (login username and password) with something you physically have -- a token. A token is basically an electronic device that looks like a calculator. It uses a complex mathematical algorithm to constantly supply a 6-digit code that is unique to only your token, and changes every 30 seconds for security reasons. Tokens also have a unique identification number (usually printed on the back), which is used for authorizing the device on supported sites, like online banking.
Your security provider may issue you a security card instead of a token. When connected to a computer via an accompanying reader and paired with a digital security certificate, it enables easier authentication by the simple means of inserting your card into the reader -- rather than generating codes via token and entering them manually.
For years, 2FA has proved its effectiveness across the financial industries, and it's no wonder this technology has now arrived on many of the sites we commonly use -- like eBay, PayPal, etc.
A token (above) and a security card with an accompanying reader (below) both serve as the second-factor authentication credentials on supported sites. Financial institutions and banks have been issuing tokens and security cards to clients for years, mainly for online banking, but you can use them on online shopping malls as well.


YOUR IPHONE IS A TOKEN
Remember the tokens issued by your bank that you use to generate security codes for logins to your online personal banking (left)? You can use the same technology to better protect yourself on sites that hold your sensitive financial data, like eBay or PayPal. And, thanks to VeriSign's iPhone app, there is no need to carry around a separate token or card -- your iPhone becomes a trusted token (right).
Setting up: Activating your credential
First, download the free VIP Access program from the App Store (iTunes link). Next, when you first run the app you'll be asked for your phone number. VeriSign will anonymously use it to text you activation instructions. Once you complete the activation process, your iPhone becomes an authorized credential provider that can be used on partner sites. The second phase is activating your credential (the iPhone) for use on, say, your PayPal account.
In order to do this, you simply log into your account on a VeriSign-approved partner site and indicate that you want to activate a credential. The site will prompt you to input the serial number of your credential (shown when you run the app), thus tying your token (iPhone) to your PayPal account. No need to worry -- the serial number created by the app is an anonymous identifier and VeriSign uses it only to verify that this token and all variations of its one-time-passwords belong to you.
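To make the 30-second, six-digit code and the serial-number activation described above concrete, here is an added example that is not VeriSign's code. The article does not name the algorithm, so the sketch assumes the open TOTP standard (RFC 6238, HMAC-SHA1); the Validator class, the account name and the serial value are hypothetical.

```python
import hashlib
import hmac
import struct

STEP, DIGITS = 30, 6  # 30-second step and six digits, as the article describes
# Constructed sample data: the RFC 6238 test secret and a placeholder serial.
SECRET, SERIAL = b"12345678901234567890", "EXAMPLE-SERIAL-0001"


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 for the time step containing unix_time."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class Validator:
    """Hypothetical validation service (an assumption, not VeriSign's API)."""
    def __init__(self):
        self.secrets = {}    # credential serial -> shared secret
        self.bindings = {}   # site account -> credential serial
        self.last_step = {}  # serial -> newest time step already accepted

    def provision(self, serial: str, secret: bytes) -> None:
        self.secrets[serial] = secret  # happens when the app is activated

    def bind(self, account: str, serial: str) -> None:
        if serial not in self.secrets:
            raise KeyError("unknown credential serial")
        self.bindings[account] = serial  # user typed the serial on the site

    def verify(self, account: str, code: str, now: int, window: int = 1) -> bool:
        serial = self.bindings.get(account)
        if serial is None:
            return False
        current = now // STEP
        # Tolerate clock drift of `window` steps either side of the current one.
        for step in range(max(0, current - window), current + window + 1):
            if step <= self.last_step.get(serial, -1):
                continue  # a code from an already-used step is a replay
            expected = totp(self.secrets[serial], step * STEP)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_step[serial] = step
                return True
        return False
```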

ACTIVATE YOUR CREDENTIAL
When you first run VeriSign's free VIP Access for iPhone, you will be asked for your phone number. VeriSign anonymously uses this information to provide you with the activation instructions in a text message. Once finished, your iPhone becomes an authorized token that you can use to generate one-time six-digit codes on sites that provide two-factor authentication, sites such as eBay, PayPal, AOL and 40 other sites.




