Since Swivel began, we’ve been innovators in image-based, tokenless authentication via web browsers. It is one of the most popular ways to deploy the Swivel solution and is designed to protect web pages, Outlook Web Access (OWA) and SSL VPNs. In this mode the user is presented with their challenge (the security string) in the same channel in which they enter their response (the one-time code). This is generally implemented within a browser.
This can be implemented in a number of different ways, all of which enable simple and seamless integration with these technologies and provide an effective alternative (or addition) to traditional, vulnerable username and password authentication.
As a user never actually enters their PIN, the process is never open to keyboard-logging hacks. This approach has a number of advantages including:
- Very easy to deploy
- Very easy to use
- Very flexible
The system is designed to withstand a range of attacks and therefore varies using a range of:
- A combination of alphanumeric security strings.
A TURing image is a security string represented as an image. The image has placeholders to help the user extract the One Time Code. The user combines their PIN in their head with the security string and enters their OTC within the login screen.
In this example, a PIN of 4359 would produce a One Time Code of 1268. The TURing image is by far the most popular authentication interface, especially with users.
PINpad is composed of 10 images, each representing a number, which are randomly distributed on different keys each time it is used. The layout of the buttons can be varied.
There are two ways in which the PINpad solution can be deployed. The default method is for the OTC to be automatically entered into the form as the user mouse-clicks the digits of their PIN on the virtual keypad. As no real keys are used, the PIN cannot be intercepted or captured in a way that gives a hacker any advantage.
The alternative method is clickless OTC entry. The user enters their PIN by hovering over the digits for a set period of time. This means that there is no key press or mouse click to trigger a keylog or screen grab.
The BUTton is similar to PINpad, only it is modelled on a telephone keypad, so the user enters the numbers that correspond to the buttons that represent the digits of their PIN. The advantage of a two-dimensional representation is that users can use patterns to help them remember their PIN. So a user with a PIN of 1379 could remember their PIN as the ’Z’ pattern.
The same options for different backgrounds and fonts are also available for these types of images.
A key and unique feature of our authentication platform is our patented one-time-code extraction protocol, PINsafe. PINsafe combines the use of registered PINs with random 10-digit security strings that are sent to you by browser, mobile app, SMS or telephone, either on demand or in advance. You then combine these in your head to work out your unique one-time access codes, putting you at the heart of the strong multi-factor authentication process.
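The extraction described for the TURing image and for PINsafe can be sketched as follows. This is an added example, not Swivel's code. It assumes that each PIN digit selects a position in the security string (0 selecting the tenth), which the page does not spell out. The sample string is constructed, and the `Verifier` class and its names are hypothetical.

```python
import hmac
import secrets

STRING_LEN = 10  # the page describes random 10-digit security strings

# Constructed sample: chosen so the page's PIN 4359 yields the page's OTC 1268.
SAMPLE_STRING = "5721694380"


def new_security_string():
    """Fresh challenge drawn from a CSPRNG."""
    return "".join(secrets.choice("0123456789") for _ in range(STRING_LEN))


def extract_otc(pin, security_string):
    """Assumed rule: PIN digit d picks the d-th character; 0 picks the 10th."""
    if not (pin.isascii() and pin.isdigit()):
        raise ValueError("PIN must be ASCII digits")
    if len(security_string) != STRING_LEN:
        raise ValueError("security string must be 10 characters")
    return "".join(security_string[(int(d) - 1) % STRING_LEN] for d in pin)


class Verifier:
    """Hypothetical server side: one outstanding challenge per user."""

    def __init__(self, pins):
        self._pins = dict(pins)   # user -> registered PIN
        self._pending = {}        # user -> security string not yet answered

    def challenge(self, user):
        self._pending[user] = new_security_string()
        return self._pending[user]

    def verify(self, user, otc):
        # pop() consumes the string on every attempt, so a captured OTC
        # cannot be replayed against the same challenge.
        string = self._pending.pop(user, None)
        pin = self._pins.get(user)
        if string is None or pin is None:
            return False
        expected = extract_otc(pin, string)
        return hmac.compare_digest(expected.encode(), otc.encode())


if __name__ == "__main__":
    print(extract_otc("4359", SAMPLE_STRING))  # 1268
```

The PIN itself never crosses the channel; only the extracted code does, and the server discards each security string after one verification attempt.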