"We Mean E-Business since 1998"

Two Factor Authentication

Strong two factor authentication using one time passwords & e-signatures

When the question comes of security of your website or application no matter how much worth your business is, it should be 100% secured. There are many ways to ensure your website or application is secure enough; one of those is strong two factor authentication, using One Time Passwords (OTP) Adweb provides, a simple and better way to make your applications secure over any network and on any platform. Adweb is the leading Two Factor Authentication service provider in India. We have mainly focused on three key points: Technology, Process and People.


What is Two Factor Authentication?  

Two-Factor-Authentication is a confusing word, which is nothing but two layers or two steps for authentication. Two-Factor-Authentication can be achieved by using something you have such as an ATM Card / Mobile Phone, physical number generating token, coupled with something you know such as a secret PIN or password.

Alternatively, two factor authentications can also be achieved by identifying something you are such as a retina scan or finger print, and something you know such as a secret pin or password.

Consider this; a hacker sniffed your, bank account, PIN or password from a public Wi-Fi network, by tracing network packets or using some malware to attack your PC. He still will not be in a position to access your account as your bank would have implemented strong, two factor authentications using an additional password generated, from a mobile application, on a phone which is in your possession.

The most common example of usage of two factor authentications, in our daily life is when we withdraw money from a bank ATM. We use an our bank provided ATM card, which is considered to be one of the factors or identification, and we enter a secret PIN on the screen, which is considered to be the second factor of secure authentication. If only both of these match, do we get access to our bank account via the ATM. So even if your ATM card is stolen, the chances of the thief being able to withdraw money from your bank account, is next to impossible, if you have not also disclosed the secret PIN for the account by writing it down and keeping it in your wallet, or writing it on the card itself.

Two Factor Authentication utilizing OTP - One Time Password for IT applications and infrastructure.

A onetime password as the word indicates is only valid for a specific time interval or one time usage. Starting from Google/Gmail, Facebook, Apple, Twitter, PayPal, Drop Box, Yahoo, LinkedIn, etc. many of your favorite sites have implemented Two Factor Authentication. Since the cost of implementing Two Factor Authentication is very low, it has been actively promoted on IT infrastructure and applications.

Some of the more popular applications are;

Application Security, Banking Security, Network Security & Cloud App Security.

Public Key Infrastructure (PKI)

When it comes to authentication and authorization, Encryption is considered as one of the most important components of the layered security. Public Key Infrastructure (PKI) refers to the specialized systems, methodology and approaches that aggregately give a framework for addressing the previously illustrated fundamentals of security - confirmation, secrecy, integrity, non-revocation and access control.

PKI is made-up of five components as listed below.

  • Certification Authority (CA): serves as the root of trust that authenticates the identity of individuals, PCs and different substances in the system.
  • Registration Authority (RA): is certified by a root CA to issue certificates for utilizations allowed by the CA. In a Microsoft PKI environment, the Registration Authority is regularly called as a subordinate CA.
  • Certificate Database: saves certificate requests issued and revoked certificates from the RA or CA.
  • Certificate Store: saves issued certificates and pending or rejected certificate requests from the local computer.
  • Key Archival Server: saves encrypted private keys in a certificate database for disaster recovery purposes in case the Certificate Database is lost.

PKI is the encryption approach where pair of cryptographic keys are utilized to encrypt and decrypt information, one is public and one is private key. A client can give open key to anybody, utilizing that sender encrypts the data. A owner then uses private key to decode the information. PKI additionally can be utilized for big business and SMB-class databases, electronic archive and forms signing, secure texting, cell phone security, securing USB storage gadgets, Windows Server Update Services, Active Directory and then some. Cases of PKI innovations are OpenPGP or S/MIME, encryption of records utilizing the extended Markup Language (XML), and so forth.

  • captcha





  • © 2015 - All rights reserved.