5 Most Popular Two-Factor Authentication Security Devices

12 Replies Alan

As we had discussed before, one-factor authentication is not sufficient in order to have good security. Especially when we talk about sensitive transaction such as banking transactions, it is not secure anymore today if it were done only using username and static password.

Two-factor has to come into the IT security field to ensure that the correct person is authenticated. The items below are the five most popular methods used for any two-factor authentication.

1. Mobile OTP

Mobile One-Time Password

Mobile One-Time Password (OTP)

A very popular and cost saving method is to use a SMS gateway and send OTP (one-time password) to a mobile phone user. This method is used widely simply because everyone has a mobile phone today which means everyone can use two-factor authentication as long as the host of the application willing to invest and provide this service.

2. OTP Token

One-Time Password Token

One-Time Password (OTP) Token

OTP token works more or less the same as the Mobile OTP. The difference is that this is a separate device and the OTP can be generated immediately instead of waiting for the SMS gateway to send. As a result, it is more reliable than the Mobile OTP but additional cost needed to have this device.

3. PKI USB Token

Public Key Infrastructure Token

Public Key Infrastructure (PKI) Token

PKI USB Token offers the second best security in the market by beating off man in the middle attack such as phishing attack. However, PKI implementation needs an infrastructure where it is going to be costly. Due to the cost matter, PKI is not well known in certain countries as people will go for OTP to have the balance of security and investment cost.

4. EMV Cap OTP with Signature

Europay, MasterCard and VISA Cap One-Time Password with Signature

Europay, MasterCard and VISA (EMV) Cap One-Time Password (OTP) with Signature

EMV Cap OTP offers the best security around as it not only beats off the man in the middle attack, but also the man in the browser attack. This is simply because the user needs to sign the transaction using the EMV card reader instead of the web browser. As a result, the Trojan of the man in the browser will no longer work. The drawback is that, signing with transaction device can be a tedious thing to do. The user needs to enter correctly the recipient’s account number and the amount in order to perform the transaction successfully.

5. Out of Band Transaction Detail Verification

Out of Band

Out of Band

This method provides the best security similar to the above and solves as well the weakness of the EMV Cap OTP. What this method does is to send the user the details of the transaction such as the recipient’s account number, amount and the OTP code via non-internet channel such as voice call or SMS. The user will verify those details given and confirm the transaction by submitting the OTP code into the web browser. This gives great security but not anything more after that. Unlike PKI, that piece of digital certificate can do not only authentication signing, but also document signing, PDF signing or even data encryption.

Nothing is perfect in this world where everything has its good and bad. You have to clearly define what you want and I’m sure you can find the device that is suitable to you.

Android’s Ice Cream Sandwich

8 Replies Christopher Roberts

Google has revealed a fair amount about the new version of Android, known as Ice Cream Sandwich. The Sandwich moniker is used since Google see the new OS as “one OS everywhere”, or a single version of Android running across all their phones and tablets. Will this unifying system be as tasty as it sounds?

In terms of release date, it looks as though some Android devices shipped before Christmas will run this OS, with some sources suggesting it could arrive as early as October. The new version is rumoured to be known as Android 2.4 Ice Cream Sandwich, which is a little mystifying since it brings together Android 2.3 and Android 3.0 Honeycomb. Wouldn’t Android 4.0 Ice Cream Sandwich make more logical sense?


Google Android's LogoThe Ice Cream interface will bring together all the fancy features from 3.0 Honeycomb, which was designed purely for tablets and larger screen devices. This includes an updated app launcher, holographic user interface, interactive new home-screen widgets and a multi-tasking panel. Leaked shots give a positive impression of the homepage look and feel, which has a great feeling of depth and Minority Report-style futurism. This ties in with Google’s statement that the new OS is their “most ambitious release to date”.

But the Ice Cream Sandwich is about more than the UI, and will bring all the previously tablet-only Android 3.1 features to mobile phones. In real terms, this suggests compatible Android tablets and smart phones will be able to act as hubs and inputs for connecting mice, keyboards and game controllers.

There is also a 3D “headtracking” feature utilising the front-mounted camera. This determines who is speaking and focuses on them during a video call. This detection technology is apparently a key feature in the OS, and it will be interesting to see how developers can further enhance this novelty.

Google intends to make the Ice Cream OS fully open source in an attempt to make things more consistent between devices. When it becomes fully established it will doubtless prove an exciting time for Android affiliates and early adopters. In terms of reputation, Android provides the leading mobile phones; find out more on these models on the Phones4U website.

Are We Reaching Satellite Saturation Point?

19 Replies Jonny Hankins

Satellites surrounding the earthWe all like our satellite navigation systems and mobile phones, Google maps and BBC World when we find ourselves in hotel rooms, but a report just published by the US National Research Council claims that we are on the brink of clogging up space to the point of no return.

A couple of years ago 2 satellites collided destroying both of them, one had already been decommissioned but the other was a communication carrier that was still in use. Also recently, astronauts had to get in to the emergency escape capsule on the International Space Station as debris passed close by.

There are about 22000 big pieces of debris floating round the Earth and many more smaller but potentially equally damaging pieces, and the problem is the lack of international agreement upon the use of near space. Almost everything from Sputnik onward is still floating about up there. The Chinese military destroyed one of their disused military satellites in an experiment in 2007 but that just created thousands more potentially dangerous pieces. More of a political action than a potential solution.

Now maybe we can live with the odd collision now and again, but a related and really serious problem and the underlying cause, is our reliance on this technology. Scientists talk about potential damage from solar flares and the likes, that might even knock the entire system out for an undefined period of time. This would have catastrophic effects on the world, no Satellite navigation means no aeroplanes, ships navigating by the stars, emergency services having to rush out and buy maps of the city, UPS and their competitors losing their way, and even worse than all this Sainsbury’s not being able to deliver Mrs French’s vegetables on time.

Easy to take lightly but really quite a serious problem.

Dependence is a difficult thing to overcome, but scientists are experimenting with bringing old satellites back to Earth. A sort of Kite is being trialled that once attached to its objective slows it down so that it enters the atmosphere and burns up, but this must be seen against a backdrop of more satellites being launched every month. They are both commercially and militarily extremely important.

Who has the right to govern space though? Competition rules and it is big business.

For a more detailed incite have a look at these postings on the Bassetti Foundation website.