Posts

Showing posts from January, 2013

Out with the Old and in with the New

I was asked today by a board member to respond to a question from a prospective investor who wanted to know how Live Ensure (our service) differed from two other – lets call them ….the more traditional solutions.  For the sake of this blog we will call them the Old and the New solutions.   Let me describe the Old Co solutions to you briefly.  They both embody technologies which are over a decade old ( think RSA ) such as tokens and servers ( both physical and virtual).  Their solutions rely on the user entering a PIN into a browser and thereby satisfying the ‘something you know ‘ part of strong authentication.   Here it is slightly edited. The biggest weakness of both Old Co solutions are the vulnerability to MITM and MITB attacks. Both require the user to enter a PIN ( something you know ) ie a second factor over and above the user name and password ( the single factor or weak authentication ). The user enters this PIN back into the browser which is as yet not secure and s