It’s a Bird…It’s a Plane…It’s SMS PASSCODE Version 7.2

By Claus E. Kotasek, CEO, SMS PASSCODE

It's a Bird...It's a Plane...

Today is a big day for the team here at SMS PASSCODE as we release SMS PASSCODE 7.2.

As most of you will recall we released version 7.0 earlier this year, which introduced a number of unique features to the market. Features such as Secure Device Provisioning (included as standard in the SMS PASSCODE MFA license) that enables secure and convenient self-enrollment of ActiveSync devices into an organization without the need to contact IT. This greatly reduces the complexity IT administrators face around Bring Your Own Device, and the demand for this particular feature is growing rapidly as more and more users utilize the flexibility of using their own devices in the company IT environment offers. Another innovation we introduced was Contextual Message Dispatching (also referred to as Location Aware Dispatching) where the One-Time-Passcode (OTP) delivery method is determined by the location of where the user are, or any preferences the individual user may have. As an example, you can configure the system to prefer SMS over voice call dispatching during logins from Europe, while preferring voice call over SMS dispatching during logins from North and South America. Or you can send one-time-passcodes to your mobile phone by default, but perform a voice call to a fixed-line phone number when you are logging in from a branch office. The choice is yours as you have full flexibility to configure SMS PASSCODE to your particular requirements. Also after we added OATH token support, customers now benefit from an even broader range of OTP delivery methods. This was indeed an exciting milestone for us, and now it is with great pleasure that we make version 7.2 available for download.
Particularly our Password Reset Module has been enhanced with a number of rich features in version 7.2 making this product a truly unique and powerful solution for convenient and secure password reset.

The main issue with the various password reset solutions available on the market today is that they simply fail in the ‘real world’ as they are not convenient in the moment of truth when the user is locked out and needs to reset their password. With version 7.2 our Password Reset Module is simply deployed on your server without the need to deploy software on the user’s devices. In fact the user doesn’t even need to know about the solution, since SMS PASSCODE conveniently guides the user through the process of resetting the password when the problem arises. A message will be sent to the user’s mobile phone via SMS/text or email once the password is about to expire (e.g. 3 days before). Via a link in the message the user can take action and visit the password reset website directly from their mobile, tablet or PC, where he or she is then guided through the process of resetting the password.

Sounds good right? But wait there is more! The solution can be configured to adapt the level of authentication required to reset the password based on the location of the user. For example if the user is located in a trusted location such as inside the head office, then the old password is enough to successfully reset the password. Whereas if the user is trying to reset the password from a non-trusted location then a personal passcode and OTP would be required.

To learn more about this and other features included in version 7.2 please register for our Version 7.2 Highlights webinar on 26 June or contact us directly


Live from Infosecurity Europe 2014

Infosecurity Europe 2014 – Europe’s largest IT security show is taking place at Earl’s Court in London this week, and our team is on site engaging with the IT community and presenting how SMS PASSCODE ensures safe and easy access for employees logging into corporate networks and cloud applications remotely.

User authentication is a hot topic for both the businesses visiting the show as well as the media here at Infosecurity. Below is a short video interview with Torben Andersen, Chief Commercial Officer at SMS PASSCODE, that talks about some of the reasons why businesses of all sizes are concerned about keeping their data safe from hackers, and why multi-factor authentication is the most natural place to start when building your defense. In the interview Torben also covers the impact of the Heartbleed bug and goes on to explain what adaptive user authentication is and why it is the next generation in multi-factor authentication.

Infosecurity interview SMS PASSCODE


Could SMS PASSCODE protect end-users from the Heartbleed flaw?

During the past week voices from across the industry have been commenting and predicting on the Heartbleed flaw. So to avoid speculation with regard to SMS PASSCODE, we should like to be clear. SMS PASSCODE is not affected by the Heartbleed flaw – Neither the product nor the company.

In fact the Heartbleed flaw emphasizes the need for session specific Multi-Factor Authentication. The vulnerability enables a hacker to obtain random data portions from a web server’s memory, which dramatically increases the risk for successful phishing attacks. With SMS PASSCODE in place however, even if a hacker manages to lift user credentials of a server’s memory, his chance of gaining access to the company network is infinitely slim.

So with due respect to the devastating impact of the flaw the answer to the question is: Yes, SMS PASSCODE could definitely protect end-users from the Heartbleed flaw.

VERSION 7.0 BLOG – The wait is over

By Claus Rosendal, CTO, SMS PASSCODE

Thank you for following my blog posts about version 7.0, I hope they helped give you a sense of the features included in version 7.0 while waiting for it to be released.

I am very excited that the release of SMS PASSCODE 7.0 is now a reality. Our team has done a remarkable job on this release, and I am proud to see us continue our technology leadership with version 7.0.

But enough talk, it’s time to check it out for yourself.  The wait is over.






Note: All customers and partners will receive information via email on how to upgrade to SMS PASSCODE 7.0 later today. If you need help completing your upgrade, please contact our support team 

VERSION 7.0 Blog – Reducing BYOD complexity

By Claus Rosendal, CTO, SMS PASSCODE

It seems like everyone has an opinion on “bring your own device,” or BYOD. No matter what your viewpoint is, it’s increasingly clear that employees’ use of personal devices for work purposes is growing, and that increased worker connectivity opens up new opportunities for businesses.

Make no mistake: BYOD continues to cause friction between IT and employees who want the ultimate in flexibility and access to information, posing a huge headache to system administrators. In recent years, we have observed BYOD blossoming into BYOE, or “bring your own everything.” In BYOE, employees blur boundaries by bringing not only their own smartphones, tablets and laptops to the office, but also their own applications and networks. This infusion of personal devices, apps and networks into the corporate environment presents a significant security challenge, as controlling access to corporate data and network assets is complicated by the presence of devices, networks and applications not fully under the IT department’s control.

Compounding the BYOE problem, mobile devices today often use ActiveSync – the PIM-data synchronization application from Microsoft – to automatically synchronize email, calendars and other information. Today users obtain access to their PIM data by simply entering their email address and their Windows password on their mobile device. Based on the settings of your Exchange Server the device will either be automatically approved and the data synchronization will begin. This however presents a security vulnerability because the users are only poorly authenticated by their username and password (single-factor authentication). Alternatively the device will be quarantined until manually approved by the administrator. The problem with this approach, especially in larger companies, is: How does the system administrator know, whether to approve a quarantined device or not? How does he distinguish between a valid user device and a hacker attempting to get access to a user’s e-mail using the ActiveSync protocol?

This is where SMS PASSCODE version 7.0 comes in. With version 7.0 we introduce Secure Device Provisioning which allows users to easily approve new devices by themselves without compromising security. Once a user activates ActiveSync on the device he/she will receive a quarantine email with a link to a Self-Service website where the user can approve the new device with a single click, after having authenticated themselves via SMS PASSCODE’s Multi-Factor Authentication platform.

Secure Device Provisioning is convenient for the users as they get easy access to data on their new device when and where they need it, and without having to contact IT for approval. This frees the burden on IT departments and reduces complexity around supporting a mobile workforce with a growing amount of devices in a secure way. As you might imagine, we are very excited about introducing this new feature.

Join me again tomorrow for the last post in my “seven days of version 7.0” blog series.

VERSION 7.0 Blog: The lost password dilemma – finally solved?

By Claus Rosendal, CTO, SMS PASSCODE

“Sorry but you have entered a wrong username or password, please try again”. It’s 9.00 AM Monday morning and you are staring at the screen after the first two failed login attempts, trying hard to recall your password, and wishing you had stronger coffee. We have all been there.

Many companies enforce a strict password security policy where users have to change their password every 60-90 days, and on top of that your new password must often contain a minimum of 10 characters and feature both capitalized and non-capitalized letters as well as numerical values and symbols. Sound familiar?

Whether so-called ‘strong’ passwords like this actually increase security and prevents you from being breached is an interesting question (I will save that for another blog post!), but what is more interesting is the fact that having to remember and frequently change difficult passwords causes frustration for your employees. The dilemma of forgotten passwords is here to stay as long as there are passwords to remember, but luckily there are solutions such as our Password Reset Module that helps reduce the sting of a forgotten password, by empowering the employees to easily reset their passwords in a secure way, without having to contact the IT helpdesk. With version 7.0 our Password Reset Module becomes its own stand-alone product in our portfolio, and I encourage anyone looking to minimize the frustration and lack of productivity caused by forgotten passwords to check it out. Of course there are also alternative solutions out there, and American talk show hostess Ellen Degeneres discovered a very creative way of storing all your passwords so you never forget them again. The solution is elegantly presented in this short video.


Join me again tomorrow for my next blog in our 7 days of version 7.0 blog series.

VERSION 7.0 Blog – Token nostalgic?

By Claus Rosendal, CTO, SMS PASSCODE

What is less secure, inconvenient to carry around, and a nightmare to administrate for IT?
You guessed it, I’m talking about tokens. Although token jokes are popular here at the office (naturally), there are companies that continue to use hard or soft-tokens to authenticate their users, despite the flaws tokens have.back2thefuture

I remember back in the 80s being a huge fan of the movie ‘Back To The Future’ by Steven Spielberg. Michael J. Fox played the role as young Marty McFly travelling back and forth in time using an old and modified DeLorean as a time machine vehicle. I remember watching the scene where the DeLorean drives back in time, leaving fire in its tire tracks, and wishing that I would one day own a car like that. Luckily, that dream never came true, and I think people would laugh if I they saw me driving around in such a car today.

To some extent, it is the same story with tokens. The technology is clearly outdated and has even been compromised by hackers, yet there still seems to be some level of nostalgia surrounding it. Admittedly, there are circumstances where a company would want to supplement SMS-based authentication with tokens. For example one of our customers logs in from a mine located several hundred meters underground where there is no mobile phone coverage. For extreme scenarios like this, a token can come in handy. For circumstances like these we have added native support for OATH tokens in our upcoming version 7.0, giving our clients even greater flexibility in how they deploy multi-factor authentication across their businesses. So ‘token nostalgic’ or not, we can support you.

Join me again tomorrow for my next blog in our seven days of version 7.0 blog series.


Get every new post delivered to your Inbox.

Join 70 other followers