Two-Factor Authentication Without Tokens: Positive Networks Debuts PhoneFactor™

Business Wire, May 22, 2007

Free, Tokenless, Two-Factor Authentication Service Uses Any Phone as an Authentication Device; Provides Simplified Deployment and Low Cost of Ownership

OVERLAND PARK, Kan. -- Positive Networks, the leading provider of hosted security services, today announced PhoneFactor, the industry's first free, phone-based authentication service. PhoneFactor uses any phone as the second authentication factor, eliminating the need to purchase and manage expensive tokens. Because employees can use their own phones, PhoneFactor eliminates the need to carry an external authentication device. PhoneFactor provides a higher standard of security technology that traditional smart cards, soft tokens and USB authentication devices can't provide.

PhoneFactor is offered as a free service for companies who want a powerful and simple means of authenticating end users. The product includes everything an enterprise needs to roll out a complete two-factor authentication service, including unlimited users and authentications, and includes support for VPN appliances, Citrix, and Microsoft Outlook Web Access. It also includes free authentication calls within the U.S. Positive Networks will offer additional features on a fee basis, such as multi-server support, directory integration, international authentication, reporting and auditing, and support and product maintenance packages.

PhoneFactor is a web-based service that can be set up within minutes and without the purchase of hardware or packaged software. The service is easy to implement and seamlessly integrates with existing Microsoft Internet Information Server (IIS), Microsoft Active Directory, and RADIUS servers. No software is installed on the phone, and users can easily be set up through a simple Active Directory import. Positive Networks also provides 24x7 end user and IT administrator support.

"Everyone knows that password protection alone is insecure. The problem is that traditional two-factor tokens are expensive and nobody wants to carry them," said Tim Sutton, CEO, Positive Networks. "Since almost everyone has a cell phone, it makes sense to use it as an authentication device."

How It Works

A user enters a username and password into an application. PhoneFactor acts as a secondary authentication and calls the user's pre-designated phone number. An outgoing message is played, providing instructions to the user. The user then presses the # key or enters a session PIN and presses #, depending on the mode selected, to confirm the login attempt. PhoneFactor authentication is only invoked if the initial username and password are correct.

Setup is easy. An administrator simply installs the PhoneFactor agent directly on the server to be protected, such as a Citrix Server or Microsoft Internet Information Server, or sets up a pass-through RADIUS authentication server. Administrators can customize features through a web-based management interface.

In addition, PhoneFactor offers key security features not normally available from two-factor authentication systems, including Live Fraud Alert and Anti-Phishing Technology. With Live Fraud Alert, PhoneFactor is the only two-factor authentication system in the world that allows for instant attack detection. Every authentication attempt in which the attacker knows the user's username and password will generate a phone call to the (true) user. That user can immediately contact support, just by pressing a key combination during the authentication phone call, and IT can take appropriate action on the spot.

Key Benefits include:

* Secure two-factor authentication

* No special consulting or training

* No inconvenient tokens or USB devices

* No client software to deploy

* No equipment to purchase

* Easy to set up, manage, and use

* 24/7 support

Key Features include:

* Microsoft Internet Information Server (IIS) and RADIUS integration

* Import from Active Directory (users' names and phone numbers)

* Web-based sign up

* Centralized Web reporting

* Standard and PIN modes with customizable rules

* SSL communication between agent and POP - easy to set up and maintain

* Master/slave replication between servers

* Phone number or PIN changes from the Web or phone menu interface

* Customizable customer support phone (caller ID and direct connect)

* Customized greetings

* End user welcome e-mail support

PhoneFactor is ideally suited to replace smart cards and tokens for a variety of applications that require strong authentication, such as:

Application Access - Once users are connected and authenticated to the network, they need to access enterprise applications, which often require their own authentication methods, typically passwords. PhoneFactor strengthens user authentication for business applications like Citrix, Outlook Web Access, SAP and more.

Remote Access - Remote Access is the most vulnerable entry point to IT resources since it is open to attacks originating from outside the organization's physical perimeter. PhoneFactor enables strong authentication for a wide variety of remote applications such as Positive Networks PositivePRO, Juniper, Cisco, Aventail, SonicWALL, F5 and more.