Last updated: 21 March 2014
What does the Bring Your Own Device (BYOD) trend have to do with solving the password problem? It may actually be the solution. In fact, the solution is probably already in the hands of your employees—their mobile smartphones.
A recent report by the Anti-Phishing Working Group (APWG) noted a startling 30% of PCs worldwide are infected with malware—malicious software—designed to steal login credentials and other sensitive information. In addition, the New York Times reported that security researchers have discovered antivirus software only detects new malware 5% of the time. And while new attacks only last for about an hour, the antivirus industry takes on average almost a month to detect and fix them.
Two-factor authentication is accomplished by combining something you have, your mobile phone, with something you know, your password, to verify your online identity. Many consumer-facing companies are using apps that generate one-time passwords (OTPs) on mobile devices, but this approach can also be used for large-scale deployments by IT departments to strengthen enterprise network security.
Today, with the ubiquity of mobile phones, the device actually becomes the second factor of authentication. For example, a text message one-time password (OTP) to a mobile phone is a very low cost way to throw a high barrier in front of hackers trying to penetrate corporate IT systems. Another even more secure option is to use a (OTP) app on the phone. This turns a mobile phone into an OTP token, allowing IT staff to quickly and easily deploy a multi-factor authentication solution that is generally well received by employees as there’s no need to keep up with extra hardware.
BYOD is a trend that is here is stay. Industry researchers at IDG estimate 63% of companies already support smartphones for work use and 45% expect to add tablets too over the next 18 months. As companies add support for BYOD, they might consider using employees’ mobile phones to strengthen login security. With BYOD and Mobile OTP, the answer to the enterprise password problem could be easier to solve than you think.
