PhoneFactor

PhoneFactor is a proprietary multi-factor authentication service owned by Microsoft. It uses telephone calls, SMS messages, and push notifications to verify identity. [1] [2]

PhoneFactor was originally developed by Positive Networks Inc., founded in 2001 by Tim Sutton and Steve Dispensa. [3] The PhoneFactor product was launched in 2007, [4] and the company changed its name to PhoneFactor Inc. in 2009. [3] [5] On October 4, 2012, Microsoft acquired PhoneFactor, [6] and the PhoneFactor service is now available as Azure Multi-Factor Authentication. In addition to securing on-premises applications and identities, the service now also works with cloud applications like Microsoft 365 that use Microsoft Azure Active Directory.

Related Research Articles

An authenticator is a means used to confirm a user's identity, that is, to perform digital authentication. A person authenticates to a computer system or application by demonstrating that he or she has possession and control of an authenticator. In the simplest case, the authenticator is a common password.

In telecommunication, provisioning involves the process of preparing and equipping a network to allow it to provide new services to its users. In National Security/Emergency Preparedness telecommunications services, "provisioning" equates to "initiation" and includes altering the state of an existing priority service or capability.

Authentication: Act of proving an assertion, often the identity of a computer system user

Authentication is the act of proving an assertion, such as the identity of a computer system user. In contrast with identification, the act of indicating a person or thing's identity, authentication is the process of verifying that identity. It might involve validating personal identity documents, verifying the authenticity of a website with a digital certificate, determining the age of an artifact by carbon dating, or ensuring that a product or document is not counterfeit.

IEEE 802.1X is an IEEE Standard for port-based network access control (PNAC). It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN or WLAN.

Server Message Block (SMB) is a communication protocol originally developed in 1983 by Barry A. Feigenbaum at IBM and intended to provide shared access to files and printers across nodes on a network of systems running IBM's OS/2. It also provides an authenticated inter-process communication (IPC) mechanism. In 1987, Microsoft and 3Com implemented SMB in LAN Manager for OS/2, at which time SMB used the NetBIOS service atop the NetBIOS Frames protocol as its underlying transport. Later, Microsoft implemented SMB in Windows NT 3.1 and has been updating it ever since, adapting it to work with newer underlying transports: TCP/IP and NetBT. SMB implementation consists of two vaguely named Windows services: "Server" and "Workstation". It uses NTLM or Kerberos protocols for user authentication.

Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID to any of several related, yet independent, software systems.

One-time password: Password that can only be used once

A one-time password (OTP), also known as a one-time PIN, one-time authorization code (OTAC) or dynamic password, is a password that is valid for only one login session or transaction, on a computer system or other digital device. OTPs avoid several shortcomings that are associated with traditional (static) password-based authentication; a number of implementations also incorporate two-factor authentication by ensuring that the one-time password requires access to something a person has as well as something a person knows.

Microsoft Forefront Threat Management Gateway

Microsoft Forefront Threat Management Gateway, formerly known as Microsoft Internet Security and Acceleration Server, is a discontinued network router, firewall, antivirus program, VPN server and web cache from Microsoft Corporation. It ran on Windows Server and worked by inspecting all network traffic that passed through it.

Active Directory Rights Management Services is a server software for information rights management shipped with Windows Server. It uses encryption and a form of selective functionality denial for limiting access to documents such as corporate e-mails, Microsoft Word documents, and web pages, and the operations authorized users can perform on them. Companies can use this technology to encrypt information stored in such document formats, and through policies embedded in the documents, prevent the protected content from being decrypted except by specified people or groups, in certain environments, under certain conditions, and for certain periods of time. Specific operations like printing, copying, editing, forwarding, and deleting can be allowed or disallowed by content authors for individual pieces of content, and RMS administrators can deploy RMS templates that group these rights together into predefined rights that can be applied en masse.

A password manager is a computer program that allows users to store and manage their passwords for local applications and online services like web applications, online shops or social media. Password managers usually simplify authentication by reducing interaction from many steps like “recall-enter-submit” to one step “submit”.

Electronic authentication is the process of establishing confidence in user identities electronically presented to an information system. Digital authentication, or e-authentication, may be used synonymously when referring to the authentication process that confirms or certifies a person's identity and works. When used in conjunction with an electronic signature, it can provide evidence of whether data received has been tampered with after being signed by its original sender. Electronic authentication can reduce the risk of fraud and identity theft by verifying that a person is who they say they are when performing transactions online.

In computer security, a cold boot attack is a type of side channel attack in which an attacker with physical access to a computer performs a memory dump of a computer's random-access memory (RAM) by performing a hard reset of the target machine. Typically, cold boot attacks are used for retrieving encryption keys from a running operating system for malicious or criminal investigative reasons. The attack relies on the data remanence property of DRAM and SRAM to retrieve memory contents that remain readable in the seconds to minutes following a power switch-off.

Microsoft Azure: Cloud computing platform by Microsoft

Microsoft Azure, often referred to as Azure, is a cloud computing platform operated by Microsoft that provides access, management, and development of applications and services via globally-distributed data centers. Microsoft Azure has multiple capabilities such as software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS) and supports many different programming languages, tools, and frameworks, including both Microsoft-specific and third-party software and systems.

Multi-factor authentication: Method of computer access control

Multi-factor authentication is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence to an authentication mechanism: knowledge, possession, and inherence. MFA protects user data—which may include personal identification or financial assets—from being accessed by an unauthorized third party that may have been able to discover, for example, a single password.

James Won-Ki Hong

James Won-Ki Hong is Director of Innovation Center for Education, Co-Director of Center for Crypto Blockchain Research, and Professor of Dept. of Computer Science and Engineering at POSTECH. He served as Dean of Graduate of Information Technology at POSTECH from 2015 to 2019. He was Senior Executive Vice President and CTO of KT Corporation leading R&D activities from March 2012 to Feb. 2014. He received a Ph.D. degree from the University of Waterloo in 1991. His research interests include blockchain, network management, network monitoring and network analysis, ICT convergence, ubiquitous computing, and smartphonomics. He has served as Chair (2005–2009) of the IEEE Communications Society, Committee on Network Operations and Management. He has also served as IEEE ComSoc Director of Online Content. He is Editor-in-Chief of International Journal on Network Management (IJNM) and of ComSoc Technology News. He is the Chair of Steering Committee of IEEE IFIP NOMS International Symposium on Integrated Network Management and Steering Committee member of APNOMS. He was General Chair of APNOMS 2006, and General Co-Chair of APNOMS 2008 and APNOMS 2011. He was General Co-Chair of IFIPS NOMS 2010. He is an editorial board member of Transactions on Network and Service Management, Journal of Network and Systems Management and Journal of Communications and Networks.

Access Control Service, or Windows Azure Access Control Service (ACS) was a Microsoft-owned cloud-based service that provided an easy way of authenticating and authorizing users to gain access to web applications and services while allowing the features of authentication and authorization to be factored out of the application code. This facilitates application development while at the same time providing users the benefit of being able to log into multiple applications with a reduced number of authentications, and in some cases only one authentication. The system provides an authorization store that can be accessed programmatically as well as via a management portal. Once authorizations are configured, a user coming to an application via ACS arrives at the application entrance with not only an authentication token, but also a set of authorization claims attached to the token. ACS was retired by Microsoft on November 7, 2018.

Microsoft account: User account required for Microsoft-owned services

A Microsoft account or MSA is a single sign-on Microsoft user account for Microsoft customers to log in to Microsoft services, devices running on one of Microsoft's current operating systems, and Microsoft application software.

Victor Bahl: American computer scientist

Victor Bahl is an Indian Technical Fellow and CTO of Azure for Operators at Microsoft. He started networking research at Microsoft. He is known for his research contributions to white space radio data networks, radio signal-strength based indoor positioning systems, multi-radio wireless systems, wireless network virtualization, edge computing, and for bringing wireless links into the datacenter. He is also known for his leadership of the mobile computing community as the co-founder of the ACM Special Interest Group on Mobility of Systems, Users, Data, and Computing (SIGMOBILE). He is the founder of the International Conference on Mobile Systems, Applications, and Services (MobiSys), and the founder of ACM Mobile Computing and Communications Review, a quarterly scientific journal that publishes peer-reviewed technical papers, opinion columns, and news stories related to wireless communications and mobility. Bahl has received important awards; delivered dozens of keynotes and plenary talks at conferences and workshops; delivered over six dozen distinguished seminars at universities; written over a hundred papers with more than 65,000 citations; and been awarded over 100 US and international patents. He is a Fellow of the Association for Computing Machinery, IEEE, and American Association for the Advancement of Science.

Passwordless authentication is an authentication method in which a user can log in to a computer system without entering a password or any other knowledge-based secret. In most common implementations users are asked to enter their public identifier and then complete the authentication process by providing a secure proof of identity through a registered device or token.

Azure AD is a cloud-based identity and access management solution from Microsoft. It is a multi-tenant, cloud-based directory and identity management service that provides authentication and authorization services to cloud-based applications, as well as other Microsoft services such as Office 365, Dynamics 365, and Azure. Azure AD is designed to provide a single sign-on experience for users across all their applications, whether they are cloud-based or on-premises.

References

  1. Haiyang Qian; Chandra S. Surapaneni; Steve Dispensa; Deep Medhi (June 2009). Service Management Architecture and System Capacity Design for PhoneFactor--A Two-Factor Authentication Service (PDF). IFIP/IEEE International Symposium on Integrated Network Management (IM'2009). Archived from the original (PDF) on 2013-09-27.
  2. Haiyang Qian; Chandra S. Surapaneni; Marsh Ray; Steve Dispensa; Deep Medhi (April 2010). DReaM-Cache: Distributed Real-Time Transaction Memory Cache to Support Two-Factor Authentication Services and its Reliability (PDF). IEEE/IFIP Network Operations and Management Symposium (NOMS'2010). Archived from the original (PDF) on 2013-09-27.
  3. "Positive Networks changes name to PhoneFactor". Kansas City Business Journal. bizjournals.com. 7 January 2009. Retrieved 11 July 2018.
  4. "Two-Factor Authentication Without Tokens: Positive Networks Debuts PhoneFactor(TM)" (Press release). Business Wire. 22 May 2007. Retrieved 11 July 2018.
  5. Quain, John R. (8 Oct 2008). "Logging on Securely, and Confirmed via a Cellphone Call as a Sentinel Against Intruders". New York Times / NYT.com.
  6. "Microsoft buys security vendor PhoneFactor". Computerworld. 4 Oct 2012.