Leveraging its phone-based authentication platform, PhoneFactor can now verify users by sending a one-time Passcode via an SMS text message, giving users the option to verify identity through a phone call or text message.

With the new SMS-based authentication solution, PhoneFactor sends the user a text message containing a one-time Passcode. The user replies to the message by texting back the one-time Passcode to complete the authentication -- a simple, secure and completely out-of-band process.

PhoneFactor's new offering gives users the flexibility to decide the authentication method that best meets their needs and personal preferences. By adding SMS Authentication to the PhoneFactor platform, users choose either a phone call or text message -- all with the same level of out-of-band security and convenience. In addition, PhoneFactor's SMS Authentication offers:

-- 100% Out-of-Band Authentication -- Instead of placing a voice call to the user, PhoneFactor SMS Authentication sends a one-time Passcode to the user's mobile phone via an SMS text message. The user sends a text message reply that contains the one-time Passcode to authenticate, and because the one-time Passcode is both sent and confirmed through SMS, the process is completely out-of-band.

-- Standard One-Time Passcode Authentication -- Instead of replying to the SMS text message, organizations can allow users to enter the one-time Passcode directly into the login interface. As with a security token, the user must enter a one-time Passcode to verify the possession of a trusted device -- but unlike tokens, PhoneFactor leverages a device the user already has -- their phone.

-- PIN Security -- SMS Authentication users can add an additional layer of protection by requiring users to provide a personal identification number (PIN) in addition to the one-time Passcode to authenticate. Users can be prompted to include their PIN along with the one-time Passcode when replyinglying to the text message or to enter it into the login interface.

-- Support for Transaction Verification -- Details about pending transactions can be provided in the SMS text message that is sent to the user. In the event that a user's authenticated session has been hijacked, the attacker cannot complete a transaction without the user's
explicit approval.

"PhoneFactor's new SMS Authentication platform provides not only the security users need, but does so in a convenient and easy-to-use fashion," said Tim Sutton, CEO of PhoneFactor. "By offering a completely out-of-band security solution, PhoneFactor provides users -- whether enterprise companies, banking and financial services organizations or government agencies -- with the peace of mind they need and a solution they can trust."