Easier user enrollment and authentication
What should be common sense (implement MFA to improve security) still faces a lot of resistance in many organizations, from product or IT managers and from end users as well: MFA has a reputation for being complex to implement and to use. To change this, inWebo has taken a user perspective (“how can we make 2FA as invisible as possible”), but also an IT manager perspective (“how can we automate most events in the 2FA credentials lifecycle”).
In-App and browser-based authentication methods are the answers we came up with to make MFA super convenient: when employed, users don’t need a “token”, not even an app or a plugin. Besides, they do not see one-time codes. In short, users are not even aware of the security mechanisms taking place behind the scenes. We also speak of “tokenless MFA”; this is really an optimal form of MFA. Of course, our solution also supports other classical second-factor options such as push OTP, online and offline OTP, and even SMS-OTP.
To automate credentials management and make MFA implementation easier and faster for organizations, we did the following:
- Built complete and customizable enrollment and credentials management workflows into the solution
- Developed a user directory synchronization tool
- Pre-integrated applications and third-party products
- Provided a very extensive toolbox to support complex authentication needs or organizational situations, while keeping the solution simple enough that MFA can be deployed in a matter of minutes for most common use cases
- Provided free evaluation accounts, which make it possible to instantly evaluate all features and options of our solutions. No credit card required!
Secure software+SaaS authentication: HSM and random dynamic seeds
Not so long ago, MFA was a low-innovation but reputable industry where vendors all offered hardware-based tokens or devices, and (expensive) authentication appliances or servers. Since then, MFA has jumped on the innovation wagon, and several technology waves such as Mobile and Cloud have totally changed the supply side. Most MFA vendors now only have SaaS-based mobile authentication in their portfolio.
Innovation brought less expensive MFA solutions to the market, but how did it impact their security? Most CISOs we talk to have a short answer to this question: the MFA solutions they see on the market are not security solutions. There are 3 main reasons for that, and they apply to all of these vendor solutions: 1/ someone hacking their back-end server would get access to the entire credentials database (major names in the industry have suffered this kind of breach recently), 2/ customers have no way to verify the integrity of the authentication solution, or to know why they should trust that the vendor has not been compromised, 3/ someone cloning an authentication device would easily impersonate the user, even if the second factor is not stored with the device.
inWebo took a different approach that prevents all 3 common ‘flaws’ of software+SaaS MFA solutions. We built our authentication algorithms using dynamic and random device credentials. The verification algorithms run within certified HSMs (hardware security modules) operated in our multi-datacenter infrastructure. From a security standpoint, our solution is equivalent to, if not better than, the solutions of 10 years ago. Yet it also enjoys the flexibility, scalability, and convenience of a software+SaaS solution.
A simple, all-inclusive model
inWebo is a platform. We sell an authentication service, not tokens and (usually) not short text messages either. We almost always sell the authentication service per user and per year, all-inclusive: authentication methods and usage. “Almost”, because if your business requires us to offer a different model (e.g. per transaction, post-paid instead of prepaid, per application or per object…), we can accommodate it as well.