After Gmail hacking: conventional password protection is not enough

Share Article

SecurEnvoy at it-sa – secure authentication, even when offline

Five million stolen Google Mail passwords

"Our tokenless two-factor authentication method combines something that the user knows, e.g. his/her PIN, and something that he/she possesses, such as a smartphone, tablet or laptop," comments Steve Watts, Sales and Marketing Director at SecurEnvoy.

Hackers recently got their hands on almost five million Google Mail passwords and published these on the Internet (source: Such news stories show that conventional password protection is no longer sufficient on its own. SecurEnvoy, the inventor of tokenless two-factor authentication, has been looking at this issue for many years and designs technologies that ensure greater security for network login procedures. The company will be demonstrating its solutions at the it-sa trade fair in Nuremberg, Germany, which is being held from 7th to 9th October. Technologies such as its new "One Swipe" method will be presented at Stand 528 (in Hall 12). This new solution enables secure two-factor authentication even when users are offline.

The use of a password alone is not usually secure enough for protecting network access. This statement is supported by recent headlines about millions of hacked passwords. Such thefts can be extremely damaging to companies in serious cases. Many companies have already implemented two-factor authentication in their networks, but still use methods that involve dedicated tokens, which have been proven to be cumbersome to use. With this approach, employees don't just enter a username and password/PIN when logging in, but must also authenticate themselves using a physical token, such as a smartcard. This means that users must carry these tokens with them wherever they go in order to be able to gain access to the network.

But, in the opinion of SecurEnvoy, such authentication methods are too inflexible and the company believes that the costs associated with physical tokens should be kept to a minimum. It therefore developed a technology with which smartphones, which virtually everyone has with them all the time anyway, can be used as tokens. With SecurEnvoy, the passcodes required for authentication can be requested by users via SMS, e-mail, voice call or soft token app. And a further option is now available in the form of the new One Swipe offline authentication function.

QR code resolves the issue
With the One Swipe method, proof of identity is provided by means of a PIN and a unique QR code. Only the correct combination of these permits a successful login. One Swipe allows users to authenticate themselves in a network even if they do not have mobile phone reception or an Internet connection. They enter a PIN into the soft token interface, after which the smartphone or tablet generates a single-use QR code. This code is then scanned using a webcam on a computer or on a mobile device. The information thereby transmitted provides conclusive evidence regarding the identity of the employee. This completes the network login process.

"Our tokenless two-factor authentication method combines something that the user knows, e.g. his/her PIN, and something that he/she possesses, such as a smartphone, tablet or laptop," comments Steve Watts, Sales and Marketing Director at SecurEnvoy. "In order to make such authentication possible even if the user is offline and has no mobile phone reception, we developed the One Swipe technology, which already works on the new iPhone 6. With One Swipe, the time and place from where the user logs in is now irrelevant. All users can flexibly and unambiguously authenticate themselves in their corporate network using a mobile device that they have with them anyway. This is an increasingly important aspect for employers in this age of increased remote working."

Trade fair visitors can discuss these issues and the solutions with SecurEnvoy experts by visiting stand 528 in Hall 12.0 at it-sa. An overview of the various token options is available on the SecurEnvoy website.

About SecurEnvoy plc:
SecurEnvoy is the creator of patented tokenless solutions for two-factor authentication. Millions of global users already benefit from the fastest mobile authentication process available that doesn’t require a token. The process uses commonly available devices like mobile and smartphones, tablets and laptops to provide the passcode required for authentication. Even without mobile phone reception or an internet connection, the user can obtain the code via voice call or enable identification using one-swipe technology, which is based on a QR code scan. The product range of the company based in London (UK), Frankfurt (D), New York and San Diego (USA) includes the SecurAccess solution. The administration tools can easily be integrated into existing IT infrastructures and allow administrators to add up to 100,000 users per hour. SC Magazine awarded the solution ‘Best Buy’ and the company has been classed as a leading visionary in Gartner’s Magic Quadrant. SecurEnvoy has a customer base in all vertical segments, including banking, finance, insurance, government, manufacturing, marketing, retail, telecoms, charity, law and construction. The authentication expert collaborates with partners such as AEP, Astaro, Cisco, Checkpoint, Citrix, Juniper, F5, Palo Alto, Sophos, etc. See for further information.

Further information:
SecurEnvoy Ltd.
Steve Watts
Sales Director
E-mail: swatts(at)securenvoy(dot)com

Global HQ:
SecurEnvoy Global HQ
Merlin House
Brunel Road

USA branch I:
373 Park Ave South
New York,
NY 10016

USA branch II:
Mission Valley Business Center
8880 Rio San Diego Drive
8th Floor San Diego CA 92108    

PR agency:
Sprengel & Partner GmbH
Nisterstrasse 3
56472 Nisterau, Germany

Contact partners:
Olaf Heckmann
Marius Schenkelberg
Tel.: +49 (0)26 61-91 26 0-0
Fax: +49 (0)26 61-91 26 0-29
E-mail: oh(at)sprengel-pr(dot)com

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Steve Watts
Follow >
Visit website