Phone-as-token: availability/security


The other aspect of phone-as-token to keep in mind is that the further the service gets from relying on plain phone communications (such as robocalling you with a number to type in), the less reliable the device is as a conduit for the information. Availability is a critical consideration for any cell phone-mediated security system. The more geographically dispersed the community of users being given the token-by-phone service, the greater the concern. Serving staff in metro areas and suburbs may be easy (although cell reception is bad enough in my house in the middle of a major city that I’d need to put in a femtocell to guarantee reliable access!). Serving clients in rural areas beyond the suburbs may not be.

Companies or organizations providing services to geographically dispersed user bases—credit unions, say, or phone companies, or power companies—may want to consider using traditional dedicated token generators instead, or combining app- or text-based delivery with robocalls for those who may sometimes need them. The more dispersed the user population, the more important it is to use strong authentication. You just have to be sure strong doesn’t preclude usable.


Copyright © 2011 IDG Communications, Inc.
