QR code enables authentication: SecurEnvoy demonstrates ‘One Swipe’ at Infosecurity Europe
Date: Mar 27, 2014
Guest Blog: SecurEnvoy
Infosecurity, one of the largest European trade fairs for information security, will be taking place at Earls Court in London from 29 April to 1 May. And the exhibitor SecurEnvoy will transform its stand H10 at the event into a cosy pub and provide information about its tokenless two-factor authentication method. In this relaxed atmosphere, the company’s experts will be presenting their new One Swipe technology live. This approach does not require mobile phone reception or an internet connection, as the user simply scans a one-time QR code using a webcam in order to prove his or her identity.
With the SecurEnvoy technology, users can unambiguously identify themselves without the need for a dedicated token, using a combination of personal login details and a passcode. They can receive the code by text message, e-mail, voice call or soft token app. A new addition to this range of transmission channels is the One Swipe method, which also works completely offline and significantly accelerates authentication. In the soft token app for smartphones, the user generates a QR code, which he or she then scans using a webcam attached to the mobile device, e.g. a laptop, after entering his or her personal login details. This takes just seconds and confirms the user’s identity.
Seed records can pose a security risk
In addition to the live demonstrations at the exhibition stand, the specialists will also be on hand to provide information about the potential dangers associated with two-factor authentication. Some manufacturers, for example, store copies of the seed records used for authentication on their servers. This increases the risk that hackers can steal sensitive data en masse once they access those servers. In addition, government agencies in some countries could, depending on local laws, request access to the seed record copies and thereby secretly spy on businesses. SecurEnvoy circumvents these risks by ensuring that seed records are always separated into two parts. Read more.
See Tokenless 2FA in action: