News Feed Item

SecureAuth Launches New Capability Reducing Exploits for Mobile Multi-Factor Authentication

User-friendly Symbol-to-Accept mobile authentication solution provides same great user experience as push-to-accept but is more secure

IRVINE, CA --(Marketwired - November 30, 2016) - SecureAuth Corporation, the leader in adaptive access control, today announced the launch of Symbol-to-Accept, a patent-pending mobile multi-factor authentication approach that improves security without compromising the convenience of the popular push-to-accept method. Expanding on the convenience of push-to-accept, Symbol-to-Accept increases security by reducing the risk of users routinely pressing "accept" even if they did not initiate the authentication attempt themselves. While the use of push-to-accept has exploded due to its simplicity and speed, it exposes enterprises to risks when users may inadvertently approve login requests that they did not initiate. This could allow an attacker to bypass the intended protection of multi-factor authentication and breach the user's account.

Symbol-to-Accept, however, enables security-conscious enterprises to deploy mobile push authentication with confidence to mitigate this risk. Preserving the user convenience with Symbol-to-Accept, the user is presented a small number of "accept" buttons displaying single, randomly-selected symbols (such as letters). To successfully log in, the user selects the correct symbol on their mobile device that matches one displayed on their computer's login screen. This choice dramatically reduces the likelihood that the user will approve an unsolicited login request because they will not know which button to choose if they are not currently trying to log in.

Weaknesses of Push-to-Accept

With traditional push-to-accept methods, users that routinely press "accept" for authentication sequences may reflexively approve an unsolicited login request as a way to clear the notification from their mobile device screen. Unfortunately, this may grant an attacker access without the user ever becoming aware that their user identity has been stolen. Symbol-to-Accept avoids this conditioning where users automatically press "accept" out of habit, even if they did not initiate the authentication attempt themselves.

"Push-to-accept is arguably one of the most convenient forms of multi-factor authentication," said Keith Graham, CTO at SecureAuth. "Unfortunately, while traditional push-to-accept authentication provides a great user experience, it is prone to exploit by attackers, who may bombard the user with push-to-accept requests -- to the point where the user will eventually hit 'accept' to make the requests go away. And for cybercriminals, it's a numbers game -- bombard as many users with requests as necessary until the desired outcome is achieved."

Balancing Security and User Experience

Maintaining a convenient user experience is a top concern for IT decision makers when implementing authentication solutions. According to a recent SecureAuth survey, 42 percent of respondents cited disruption to users' daily routine as a hindrance for not adopting an improved authentication strategy. Symbol-to-Accept provides users with the same convenience of push-to-accept authentication; however, Symbol-to-Accept increases security by requiring the user to take an additional cognitive step of selecting the symbol displayed on their mobile device that corresponds to the symbol displayed on the screen in their web browser.

"To satisfy today's changing enterprise landscape, it's essential for security solutions to evolve at the pace of new emerging threats as well as meeting practical organizational needs," said Graham. "Some organizations are already moving to stronger methods of user authentication, including adaptive access control techniques safeguarding critical areas, such as Single Sign-On (SSO) portals and self-service password reset applications. It is imperative that more organizations take this lead and look to implement adaptive access in a way that, in addition to Symbol-to-Accept, performs risk-analysis as part of the authentication process. Adaptive techniques, such as device recognition, geo-location, the use of threat services, and even behavioral biometrics, enable organizations to take control of their authentication process without compromising user experience."

About SecureAuth
SecureAuth is the leader in adaptive access control solutions, empowering organizations to determine identities with confidence. SecureAuth provides strong identity security while minimizing disruptions to the end-user. SecureAuth has been providing SSO and MFA solutions for over a decade. For the latest insights on adaptive access control, follow the SecureAuth blog, follow @SecureAuth on Twitter and on LinkedIn, or visit www.secureauth.com.

Media Contact:
Andrew Smith
Senior Account Executive
SHIFT Communications
[email protected]

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

Latest Stories
Enterprises have taken advantage of IoT to achieve important revenue and cost advantages. What is less apparent is how incumbent enterprises operating at scale have, following success with IoT, built analytic, operations management and software development capabilities – ranging from autonomous vehicles to manageable robotics installations. They have embraced these capabilities as if they were Silicon Valley startups. As a result, many firms employ new business models that place enormous impor...
The next XaaS is CICDaaS. Why? Because CICD saves developers a huge amount of time. CD is an especially great option for projects that require multiple and frequent contributions to be integrated. But… securing CICD best practices is an emerging, essential, yet little understood practice for DevOps teams and their Cloud Service Providers. The only way to get CICD to work in a highly secure environment takes collaboration, patience and persistence. Building CICD in the cloud requires rigorous a...
SYS-CON Events announced today that Dasher Technologies will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Dasher Technologies, Inc. ® is a premier IT solution provider that delivers expert technical resources along with trusted account executives to architect and deliver complete IT solutions and services to help our clients execute their goals, plans and objectives. Since 1999, we'v...
SYS-CON Events announced today that MIRAI Inc. will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MIRAI Inc. are IT consultants from the public sector whose mission is to solve social issues by technology and innovation and to create a meaningful future for people.
Data scientists must access high-performance computing resources across a wide-area network. To achieve cloud-based HPC visualization, researchers must transfer datasets and visualization results efficiently. HPC clusters now compute GPU-accelerated visualization in the cloud cluster. To efficiently display results remotely, a high-performance, low-latency protocol transfers the display from the cluster to a remote desktop. Further, tools to easily mount remote datasets and efficiently transfer...
Companies are harnessing data in ways we once associated with science fiction. Analysts have access to a plethora of visualization and reporting tools, but considering the vast amount of data businesses collect and limitations of CPUs, end users are forced to design their structures and systems with limitations. Until now. As the cloud toolkit to analyze data has evolved, GPUs have stepped in to massively parallel SQL, visualization and machine learning.
In his session at 21st Cloud Expo, Raju Shreewastava, founder of Big Data Trunk, will provide a fun and simple way to introduce Machine Leaning to anyone and everyone. Together we will solve a machine learning problem and find an easy way to be able to do machine learning without even coding. Raju Shreewastava is the founder of Big Data Trunk (www.BigDataTrunk.com), a Big Data Training and consulting firm with offices in the United States. He previously led the data warehouse/business intellige...
SYS-CON Events announced today that TidalScale, a leading provider of systems and services, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. TidalScale has been involved in shaping the computing landscape. They've designed, developed and deployed some of the most important and successful systems and services in the history of the computing industry - internet, Ethernet, operating s...
SYS-CON Events announced today that TidalScale will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. TidalScale is the leading provider of Software-Defined Servers that bring flexibility to modern data centers by right-sizing servers on the fly to fit any data set or workload. TidalScale’s award-winning inverse hypervisor technology combines multiple commodity servers (including their ass...
Recently, REAN Cloud built a digital concierge for a North Carolina hospital that had observed that most patient call button questions were repetitive. In addition, the paper-based process used to measure patient health metrics was laborious, not in real-time and sometimes error-prone. In their session at 21st Cloud Expo, Sean Finnerty, Executive Director, Practice Lead, Health Care & Life Science at REAN Cloud, and Dr. S.P.T. Krishnan, Principal Architect at REAN Cloud, will discuss how they b...
Gemini is Yahoo’s native and search advertising platform. To ensure the quality of a complex distributed system that spans multiple products and components and across various desktop websites and mobile app and web experiences – both Yahoo owned and operated and third-party syndication (supply), with complex interaction with more than a billion users and numerous advertisers globally (demand) – it becomes imperative to automate a set of end-to-end tests 24x7 to detect bugs and regression. In th...
Amazon is pursuing new markets and disrupting industries at an incredible pace. Almost every industry seems to be in its crosshairs. Companies and industries that once thought they were safe are now worried about being “Amazoned.”. The new watch word should be “Be afraid. Be very afraid.” In his session 21st Cloud Expo, Chris Kocher, a co-founder of Grey Heron, will address questions such as: What new areas is Amazon disrupting? How are they doing this? Where are they likely to go? What are th...
SYS-CON Events announced today that IBM has been named “Diamond Sponsor” of SYS-CON's 21st Cloud Expo, which will take place on October 31 through November 2nd 2017 at the Santa Clara Convention Center in Santa Clara, California.
We all know that end users experience the Internet primarily with mobile devices. From an app development perspective, we know that successfully responding to the needs of mobile customers depends on rapid DevOps – failing fast, in short, until the right solution evolves in your customers' relationship to your business. Whether you’re decomposing an SOA monolith, or developing a new application cloud natively, it’s not a question of using microservices – not doing so will be a path to eventual b...
Infoblox delivers Actionable Network Intelligence to enterprise, government, and service provider customers around the world. They are the industry leader in DNS, DHCP, and IP address management, the category known as DDI. We empower thousands of organizations to control and secure their networks from the core-enabling them to increase efficiency and visibility, improve customer service, and meet compliance requirements.