A username and password are no longer enough to authenticate the identity of employees accessing corporate networks and data. Research indicates that weak or stolen user credentials are the preferred weapons used by cybercriminals, and are behind approximately 76 percent of all network intrusions.
Traditional two-factor authentication requires something the user knows (usually a password) and something the user has (like a token, fingerprint or mobile phone). In the past, companies distributed hardware tokens to their employees to help validate their identity when logging in; however, over time, these types of solutions have proved cumbersome and expensive for IT to manage effectively, while offering little convenience for end-users.
SMS PASSCODE offers a balance between strong security and high user convenience, with features that include:
Leveraging the one thing users always carry with them – their mobile phone – and provides a superior user experience by taking full advantage of contextual information such as time, geo-location, and type of login system being accessed.
Intelligent authentication that sees whether users are logging in from trusted locations like home or the office, versus an airport lounge with public Wi-Fi (for example), and conveniently delivers the appropriate level of security for the users.
How SMS PASSCODE works with EFT
Globalscape EFT includes multi-factor authentication through the SMS PASSCODE platform. On a local or LDAP-authenticated site, the administrator can configure EFT to connect to SMS PASSCODE to deliver a one-time use passcode via text message (SMS), a voice call, through email, or via an app to the user’s mobile phone as part of the login process for HTTP, HTTPS or SFTP transfers. Codes are generated in real time when the user enters a correct username and password, and the codes are locked to the session ID of the device used to log in from for added security. Following the successful entry of the SMS code, the user has full access to their files and folders. Any user account that is configured to use SMS authentication must supply the correct user name, password and unique one-time passcode delivered to their mobile phone in order to log in.
Convenience: leverages the one thing users always carry with them – their mobile phone
Reduced cost: no hardware tokens to buy or maintain
Codes are never stored: real time, session-specific codes
Superior user experience: avoid burdensome passwords
Better security: intelligent authentication assesses the threat level and dynamically adjusts the level of user authentication needed
Easy to implement, manage and scale
“Today’s modern cybersecurity threats have overwhelmed passwords and tokens, and companies are seeking strong authentication that protects their employees and is easy to use. With the integration between Globalscape and SMS PASSCODE, system administrators can easily add multi-factor authentication to their secure file transfer via EFT without compromising the user experience.”Says Torben Anderson, chief commercial officer at SMS PASSCODE“We are excited to partner with a visionary security company like Globalscape that shares our passion for keeping corporate networks and data secure.”
“Technology integrations that can improve authentication security for our customers just make sense in our EFT solution.”says Greg Hoffer, senior director of engineering at Globalscape“We have been hearing about phone-based authentication as a second factor for many years; it has significant usability and security improvements over the legacy token-based approach to two-factor authentication. SMS PASSCODE has a well-designed, thoughtful implementation of phone-based multi-factor authentication. Their platform ties seamlessly into our EFT solution to provide the most secure enterprise class of secure file sharing on the market.”