Welcome!

News Feed Item

SecureAuth Launches New Capability Reducing Exploits for Mobile Multi-Factor Authentication

User-friendly Symbol-to-Accept mobile authentication solution provides same great user experience as push-to-accept but is more secure

IRVINE, CA --(Marketwired - November 30, 2016) - SecureAuth Corporation, the leader in adaptive access control, today announced the launch of Symbol-to-Accept, a patent-pending mobile multi-factor authentication approach that improves security without compromising the convenience of the popular push-to-accept method. Expanding on the convenience of push-to-accept, Symbol-to-Accept increases security by reducing the risk of users routinely pressing "accept" even if they did not initiate the authentication attempt themselves. While the use of push-to-accept has exploded due to its simplicity and speed, it exposes enterprises to risks when users may inadvertently approve login requests that they did not initiate. This could allow an attacker to bypass the intended protection of multi-factor authentication and breach the user's account.

Symbol-to-Accept, however, enables security-conscious enterprises to deploy mobile push authentication with confidence to mitigate this risk. Preserving the user convenience with Symbol-to-Accept, the user is presented a small number of "accept" buttons displaying single, randomly-selected symbols (such as letters). To successfully log in, the user selects the correct symbol on their mobile device that matches one displayed on their computer's login screen. This choice dramatically reduces the likelihood that the user will approve an unsolicited login request because they will not know which button to choose if they are not currently trying to log in.

Weaknesses of Push-to-Accept

With traditional push-to-accept methods, users that routinely press "accept" for authentication sequences may reflexively approve an unsolicited login request as a way to clear the notification from their mobile device screen. Unfortunately, this may grant an attacker access without the user ever becoming aware that their user identity has been stolen. Symbol-to-Accept avoids this conditioning where users automatically press "accept" out of habit, even if they did not initiate the authentication attempt themselves.

"Push-to-accept is arguably one of the most convenient forms of multi-factor authentication," said Keith Graham, CTO at SecureAuth. "Unfortunately, while traditional push-to-accept authentication provides a great user experience, it is prone to exploit by attackers, who may bombard the user with push-to-accept requests -- to the point where the user will eventually hit 'accept' to make the requests go away. And for cybercriminals, it's a numbers game -- bombard as many users with requests as necessary until the desired outcome is achieved."

Balancing Security and User Experience

Maintaining a convenient user experience is a top concern for IT decision makers when implementing authentication solutions. According to a recent SecureAuth survey, 42 percent of respondents cited disruption to users' daily routine as a hindrance for not adopting an improved authentication strategy. Symbol-to-Accept provides users with the same convenience of push-to-accept authentication; however, Symbol-to-Accept increases security by requiring the user to take an additional cognitive step of selecting the symbol displayed on their mobile device that corresponds to the symbol displayed on the screen in their web browser.

"To satisfy today's changing enterprise landscape, it's essential for security solutions to evolve at the pace of new emerging threats as well as meeting practical organizational needs," said Graham. "Some organizations are already moving to stronger methods of user authentication, including adaptive access control techniques safeguarding critical areas, such as Single Sign-On (SSO) portals and self-service password reset applications. It is imperative that more organizations take this lead and look to implement adaptive access in a way that, in addition to Symbol-to-Accept, performs risk-analysis as part of the authentication process. Adaptive techniques, such as device recognition, geo-location, the use of threat services, and even behavioral biometrics, enable organizations to take control of their authentication process without compromising user experience."

About SecureAuth
SecureAuth is the leader in adaptive access control solutions, empowering organizations to determine identities with confidence. SecureAuth provides strong identity security while minimizing disruptions to the end-user. SecureAuth has been providing SSO and MFA solutions for over a decade. For the latest insights on adaptive access control, follow the SecureAuth blog, follow @SecureAuth on Twitter and on LinkedIn, or visit www.secureauth.com.

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

Latest Stories
When growing capacity and power in the data center, the architectural trade-offs between server scale-up vs. scale-out continue to be debated. Both approaches are valid: scale-out adds multiple, smaller servers running in a distributed computing model, while scale-up adds fewer, more powerful servers that are capable of running larger workloads. It’s worth noting that there are additional, unique advantages that scale-up architectures offer. One big advantage is large memory and compute capacity...
A look across the tech landscape at the disruptive technologies that are increasing in prominence and speculate as to which will be most impactful for communications – namely, AI and Cloud Computing. In his session at 20th Cloud Expo, Curtis Peterson, VP of Operations at RingCentral, highlighted the current challenges of these transformative technologies and shared strategies for preparing your organization for these changes. This “view from the top” outlined the latest trends and developments i...
Artificial intelligence, machine learning, neural networks. We’re in the midst of a wave of excitement around AI such as hasn’t been seen for a few decades. But those previous periods of inflated expectations led to troughs of disappointment. Will this time be different? Most likely. Applications of AI such as predictive analytics are already decreasing costs and improving reliability of industrial machinery. Furthermore, the funding and research going into AI now comes from a wide range of com...
It is ironic, but perhaps not unexpected, that many organizations who want the benefits of using an Agile approach to deliver software use a waterfall approach to adopting Agile practices: they form plans, they set milestones, and they measure progress by how many teams they have engaged. Old habits die hard, but like most waterfall software projects, most waterfall-style Agile adoption efforts fail to produce the results desired. The problem is that to get the results they want, they have to ch...
No hype cycles or predictions of zillions of things here. IoT is big. You get it. You know your business and have great ideas for a business transformation strategy. What comes next? Time to make it happen. In his session at @ThingsExpo, Jay Mason, Associate Partner at M&S Consulting, presented a step-by-step plan to develop your technology implementation strategy. He discussed the evaluation of communication standards and IoT messaging protocols, data analytics considerations, edge-to-cloud tec...
Cloud Expo, Inc. has announced today that Andi Mann and Aruna Ravichandran have been named Co-Chairs of @DevOpsSummit at Cloud Expo Silicon Valley which will take place Oct. 31-Nov. 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. "DevOps is at the intersection of technology and business-optimizing tools, organizations and processes to bring measurable improvements in productivity and profitability," said Aruna Ravichandran, vice president, DevOps product and solutions marketing...
"When we talk about cloud without compromise what we're talking about is that when people think about 'I need the flexibility of the cloud' - it's the ability to create applications and run them in a cloud environment that's far more flexible,” explained Matthew Finnie, CTO of Interoute, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"Loom is applying artificial intelligence and machine learning into the entire log analysis process, from start to finish and at the end you will get a human touch,” explained Sabo Taylor Diab, Vice President, Marketing at Loom Systems, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
We build IoT infrastructure products - when you have to integrate different devices, different systems and cloud you have to build an application to do that but we eliminate the need to build an application. Our products can integrate any device, any system, any cloud regardless of protocol," explained Peter Jung, Chief Product Officer at Pulzze Systems, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend 21st Cloud Expo October 31 - November 2, 2017, at the Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY, and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
The Internet giants are fully embracing AI. All the services they offer to their customers are aimed at drawing a map of the world with the data they get. The AIs from these companies are used to build disruptive approaches that cannot be used by established enterprises, which are threatened by these disruptions. However, most leaders underestimate the effect this will have on their businesses. In his session at 21st Cloud Expo, Rene Buest, Director Market Research & Technology Evangelism at Ara...
In his session at @ThingsExpo, Eric Lachapelle, CEO of the Professional Evaluation and Certification Board (PECB), provided an overview of various initiatives to certify the security of connected devices and future trends in ensuring public trust of IoT. Eric Lachapelle is the Chief Executive Officer of the Professional Evaluation and Certification Board (PECB), an international certification body. His role is to help companies and individuals to achieve professional, accredited and worldwide re...
Wooed by the promise of faster innovation, lower TCO, and greater agility, businesses of every shape and size have embraced the cloud at every layer of the IT stack – from apps to file sharing to infrastructure. The typical organization currently uses more than a dozen sanctioned cloud apps and will shift more than half of all workloads to the cloud by 2018. Such cloud investments have delivered measurable benefits. But they’ve also resulted in some unintended side-effects: complexity and risk. ...
"We are a monitoring company. We work with Salesforce, BBC, and quite a few other big logos. We basically provide monitoring for them, structure for their cloud services and we fit into the DevOps world" explained David Gildeh, Co-founder and CEO of Outlyer, in this SYS-CON.tv interview at DevOps Summit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
21st International Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Me...