Two-factor authentication is gaining traction among online service providers as a way to prevent their customers' accounts from being hijacked.
2FA is relatively simple. In addition to a username and password, a single-use code is sent -- typically to a user's cellphone -- to verify the customer's identity.
Some government departments and branches of the military have been using 2FA for years. However, it usually involves a dedicated token -- just another gadget that has to be lugged around and can be lost, stolen or forgotten.
The complexity and expense of token-based systems has acted as a brake on the more widespread adoption of 2FA in the federal government.
With governments at all levels looking for economical and effective security solutions, a 2FA system that uses something employees already have -- their mobile phones -- could be an attractive proposition.
While agencies still would need to pay licensing fees to Globalscape and SMS Passcode, much of the overhead of token-based systems could be eliminated.
"It dramatically increases security with only those licensing fees," Greg Hoffer, senior director of engineering for Globalscape, told TechNewsWorld. "That's a lot cheaper than solutions that are hardware based or Web-application firewall-based."
Another benefit of the SMS solution is that it's location aware, he noted.
"If a log-in attempt originates in China and we know your mobile phone is in the U.S. or Canada, the system will block the log-in attempt," Hoffer explained. "So it increases security through geo-awareness."