The SMS PASSCODE Blog – technology leader in two-factor authentication

Before we talk about our reasoning behind the token trade-in program, the recent events publicly announced by a leading token technology vendor including the need to replace tokens is not for us to comment on except the point that it is unfortunate when any security technology is compromised as it brings customers at risk and we are sorry for that.

However, I think it cannot come as a surprise to many of us that a 20+ year old technology like the token has come under pressure from modern threats on the internet and a level of information sharing and a remedy plan on our behalf is obligated here. We believe there has been a lot of innovation in those 20 years, where we are recognized as one of them with a new generation more modern technology that has on the market for a while now and is a proven alternative.

The announced plans to replace tokens cannot only be good news to customers as they are exposed today and the physical replacement of tokens has a time delay and an administration cost often as high as the procurement price itself associated to it. Especially for the SMB and mid-market customers, where we have seen significant adoption, this appear a bigger issue than often anticipated.

We view the  recent events as sad, but also as validation points for our statement on the 20+ year old token technology. Allow us to use it as basis for us to maybe better and more objectively articulate what we mean, when we talk about the difference between the first generation pre-determined token code technology used by token and most SMS based two-factor technologies, and our new modern second generation more secure real-time technology. These first generation technologies have different ways by which they in advance generate a code or list of codes that is valid for a period of time or until used. If this basis technology that is used to pre-deterministic generate the code or list of codes ends in the wrong hands as seen, the ill-intended can get the codes.

Unlike these technologies, we are recognized for having a second generation more secure modern log-in process, where we first validate user ID and password, before we generate and send in real-time a code that is only valid for that log-in attempt (session). It is all happening in real-time. Thus, the code is not pre-determined and thus is not exposed to the type of hacking seen recently. We can do this as we have build a reliable and scalable platform designed specifically for real-time code generation and global delivery via SMS Text Messaging, voice or secure e-mail to any phone. We do this with an unrivaled level of load-balancing, redundancy and alternate code delivery capabilities. Instead of making a trade-off towards a 20 year old less secure pre-deterministic technology like everybody else driven by the belief that the code could not be delivered reliably real-time, we have designed a system that has the capabilities to do just that much more reliably than any physical technology that is perceived to be more available but is not as it is often misplaced, out-of-order or expired. **

In addition to being more secure, SMS PASSCODE® also do not require physical distribution of devices and thus according to our customer driven TCO calculations, it cost less than half that of regular tokens when compared over a project period of 3-4 years.

Global trade-in program

While the removal of token distribution hassles makes it practically free for customers to migrate to SMS PASSCODE®, to entice customers to reconsider avoiding the hurdles to replace tokens, we today launched a global campaign offering customers a financial incentive in the shape of trade-in discount for any valid token, when augmenting existing two-factor token technologies with SMS PASSSCODE ®.  SMS PASSCODE® comes out of the box with support for co-existence to both regular tokens as well as more modern SaaS based token technologies for easy migration.  This enables customers to immediately increase security at lower cost than the token replacement alternative by implementing SMS PASSCODE® side-by-side to the existing token technology and migrate users on a need-to basis fitting your preferred time schedule.  The program, available in select markets through the third calendar quarter of 2011, offers a discount on the procurement of SMS PASSCODE ®  when it replaces a valid token. The trade-in discounts are set on a regional level.

To learn more about the details and the discounts, contact our distributor in your territory listed at www.smspasscode.com or contact us at our web form. You may also call me directly here: Lars Nielsen, phone +45 21 26 81 98.

** The likelihood a SMS PASSCODE user has to call the help desk to gain access is significant less than a physical token system as the misplacement and error rates are much higher than the likelihood a user cannot get a text, voice call or secure e-mail.