CHICAGO, July 9, 2013 (GLOBE NEWSWIRE) -- Experts agree passwords are at the root of online security problems because when typed into browsers, sent over open networks and centrally stored, they are easily compromised leaving the networks and accounts they "protect" vulnerable to criminals. But that can all change with a digital image that can save your online identity.
Today Authentify, a leading global innovator in phone-based out-of-band authentication services, introduced an alternative to overworked passwords, an online security app that turns mobile devices into secure personal authenticators. Combining enterprise control with user convenience, the Authentify xFA™ Service replaces passwords with a mobile xFA app that scans an on-screen, short-lived cryptograph--a digital image that, when scanned, activates a PKI digital certificate for strong authentication--and turns a smartphone into a powerful authenticator that delivers server-to-server class endpoint security with no effort from the end user or the enterprise. xFA, which stands for "x" factors of authentication, also provides strong multi-factor authentication supporting voice biometrics and other forms of secure messages allowing enterprises or their users to choose the level of authentication the transaction warrants.
Authentify xFA can be used by any online service provider or enterprise that needs strong protection at time of logon but also needs a simple user experience. xFA provides greater protection to financial services, e-commerce, medical insurance firms or any enterprise/SMB private networks from password exploits or breaches without losing productivity or inconveniencing users.
"Authentify xFA effectively eliminates the risks of password cyber-breaches and the costly customer breach notifications and incident response measures that follow, but the xFA service handles all the security complexity," said Craig Shumard, the former CISO of Cigna Health Insurance and principal of Shumard Associates. "xFA should be viewed as simple and easy to use as SSL or HTTPS."
The xFA Service and the xFA app--downloadable from Apple and Android stores--are available immediately worldwide. Authentify offers the service to customers for fixed annual subscription fees.
According to the Verizon 2013 Data Breach Investigations Report, 78% of cyber-attacks were low or very low in difficulty, and the vast majority involve stolen passwords.
"Password security is broken and the headlines prove it," said Peter Tapling, Authentify president & CEO. "We developed xFA because the security is in a different class, anchored by digital certificates and biometric authentication. Until now, however, cost, user complexity and ease of deployment have been formidable barriers preventing the widespread use of these technologies. Authentify is changing that paradigm because xFA is even easier to use than passwords yet delivers the proven security of digital certificates and voice biometrics over a second channel. And since the users' own mobile device becomes the authenticator, it's easy to scale."
Authentify's xFA defeats a broad range of exploits designed to steal passwords or hijack online sessions such as man-in-the-middle, man-in-the-browser, viruses, Trojans and keyloggers, and does so with a more engaging user experience than other technologies that layer on top of one another.
For more information on xFA, visit Authentify at www.authentify.com or call 773.243.0300.
About Authentify, Inc.
Authentify, Inc. is the leading innovator of global phone-based, out-of-band authentication services and was recently ranked as a visionary by Gartner. These services enable organizations that need strong security to quickly and cost-effectively add 2-factor or 3-factor authentication layers to user logon, transaction verification or critical changes such as adding a payee to an e-pay or wire account. The company's patented technology employs a service-oriented message architecture and XML API to seamlessly integrate into existing security processes. Authentify markets primarily to financial services firms that need to protect their clients' online accounts, corporate security professionals managing corporate access control and e-merchants who want to limit fraud on their sites.
© June 2013, Authentify, Inc.
Authentify and 2CHK Technology Patents Issued and Pending:
U.S. PATENT NOS. 6,934,858 / 7,383,572 / 7,461,258 / 7,574,733 / 61,327,723 / 61,334,776 / 12,938,161 / 13,006,806 / 13,011,387 / 13,011,38 7 / 13,011,739
NOTES FOR JOURNALISTS
The xFA User Experience
Users first download Authentify xFA from the Apple or Android store and then register their phone with the Authentify xFA Service, establishing a password and voice biometric that they will always use with xFA.
To enroll with a service provider or company network, users visit the site and login, verifying their identity following the site's policies. The user then scans the enrollment code (a digital image) with xFA, which initiates the completely automatic provisioning of their digital certificate.
Once enrolled, all subsequent logons are protected by xFA.
On the mobile device, the user launches the xFA app and then visits the site in a browser. Clicking the login button triggers a short-lived cryptograph from the xFA Service, which is displayed on the screen. On the mobile device, the user clicks the xFA logon icon, scans the digital certificate cryptograph and speaks their voice biometric passphrase. After verification by the xFA service, access is then granted. Logging on takes no more than just a few seconds and requires no typing, and the xFA app allows this all to be done from a smartphone or tablet.
Three components comprise the Authentify xFA relationship: end users use the mobile xFA app; Authentify xFA provides the cloud-based security service; and the enterprise or online service provider's network.
These three elements combine to ensure security. The xFA app makes the mobile device a fully out-of-band second channel and personal authenticator that supports multiple authentication factors including voice biometrics. A complete, yet invisible, digital certificate infrastructure (PKI) based on one-time cryptograph images delivers server-to-server class security between the device, Authentify and the enterprise or online service provider. Three separate key pairs are used to provide a zero-trust model, so that the end user's communications with the enterprise are protected end-to-end and cannot be intercepted or understood by Authentify.
Authentify was the first to introduce telephone-based OOB authentication in 2001 and has proven the service to be an effective countermeasure recommended by federal authorities, regulators and leading consulting firms. OOB authentication is used by banks, ecommerce providers and enterprises to protect customers or users against sophisticated man-in-the-middle and man-in-the-browser attacks used to steal login credentials or hijack online sessions.
Authentify has applied its experience from ten years of OOB security and protection of more than 250 million authentication events to the creation of xFA; the company's customers indicate that OOB authentication is a very valuable component of their authentication and risk management portfolio, and they would like to do more of it.
"Our customers include some of the world's largest banks, enterprises and ecommerce providers, and we have been engaged with them throughout the development process of the xFA Service and app," said Tapling. "Their feedback indicates that we have created an original solution that sets a new standard for secure, convenient and cost-effective authentication options."
A photo accompanying this release is available at: