13 December 2017
visit www.solutions.lexisnexis.com

VeriSign ships OTP generator iPhone app

01 April 2009  |  15050 views  |  2 iphone apps on screen

California-based digital security firm VeriSign has launched a free application on the Apple App store that turns an iPhone into a one-time-password generator for accessing online accounts.

The VIP Access for Mobile application generates unique six digit passwords every 30 seconds that are used in conjunction with a credential ID that is unique to the phone to identify users.

Customers enter the password, along with their usernames and passwords when logging in to accounts for two-factor authentication. The system currently works with around 40 Web sites, including eBay, PayPal and AOL and has been taken up commercially by a number of US credit institutions.

Fran Rosch, SVP, product and strategy, VeriSign, says: "Our ongoing efforts to strengthen the security of online accounts for mobile consumers give them the opportunity to enjoy the benefits of strong authentication through a device that's always with them and frequently in use."

Comments: (2)

A Finextra member
A Finextra member | 01 April, 2009, 14:17

While I am a vocal supporter of the idea to use mobile phones to strengthen security in transactions, I am not persuaded that an application for a single phone is ideal for the purpose.

Without questioning the dubious long term viability of such a solution in the face of hackers, I feel that an approach which would ultimately require participants to cater for a vast array of individual phone applications and the vast potential support issues is not in the interests of financial institutions.

I also notice that it doesn't quite make the process exactly easier for the customer. PINs logons and OTP's is a lot of hoo haa. Better you than me.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Cedric Pariente
Cedric Pariente - EFFI Consultants - Paris | 01 April, 2009, 15:57

One Time Password are definitely a step we can't avoid in fighting against online fraud. Static password do have this bad habit of being re-usable.

Using a phone app is not a bad idea, now that almost everyone has a phone (at least those who do online banking).

BUT simply adding the OTP layer to the classical user login/password, moreover in the same login page, DOES NOT PROTECT from Man in the middle, Phishing and certainly not against one of the most advanced hacking attacks that is Man in the browser.

I strongly believe in other types of architecture in order to exchange sensitive data or to ensure a secure connection.

The "2 entities" connection has reached its limits.

Being a hacker in nowadays is like being a fisherman in an sea with no water, all targets are apparent and easy to catch.

User are not security experts, and even when they do know a little bit about security, hackers surely do know more.

It is time to think like hackers in order to protect end-users from them.

Advanced architecture in the way data are exchanged is the answer. And more than 2 entities have to be involved.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

HSBC beefs up Web banking security with VeriSign

HSBC beefs up Web banking security with VeriSign

23 April 2008  |  9919 views  |  0 comments
Bank of America introduces SafePass mobile authentication service

Bank of America introduces SafePass mobile authentication service

11 September 2007  |  9441 views  |  0 comments
HSBC investigates 'out of band' authentication for Web users

HSBC investigates 'out of band' authentication for Web users

07 September 2007  |  13277 views  |  0 comments
One-time password generator squeezed onto bank card

One-time password generator squeezed onto bank card

01 May 2007  |  14098 views  |  0 comments

Related company news

 

Related blogs

Create a blog about this story (membership required)
visit www.solutions.lexisnexis.comvisit www.aciworldwide.comvisit www.response.ncr.com

Top topics

Most viewed Most shared
Saxo Bank's 'Outrageous Prediction': Bitcoin to peak at $60k next year before spectacular crashSaxo Bank's 'Outrageous Prediction': Bitco...
12169 views comments | 7 tweets | 7 linkedin
Deutsche Bank paper hails 'huge' blockchain potentialDeutsche Bank paper hails 'huge' blockchai...
9361 views comments | 16 tweets | 22 linkedin
PSD2: Laying the regulatory foundation for a new age in paymentsPSD2: Laying the regulatory foundation for...
7987 views comments | 17 tweets | 36 linkedin
Santander UK poaches Barclays innovation chief Michael HarteSantander UK poaches Barclays innovation c...
7353 views comments | 8 tweets | 17 linkedin
Alior Bank to use Open API platform and accelerator to create fintech marketplaceAlior Bank to use Open API platform and ac...
7220 views comments | 20 tweets | 11 linkedin

Featured job

to £70K base, £105K ote, benefits
London, UK

Find your next job