Security Beyond Passwords
Organizations increasingly recognize that user passwords are no longer enough. inWebo provides them with convenient and secure alternatives.
Where does inWebo replace passwords with OTP?
Pretty much everywhere.
- We replace employees’ passwords when they sign in to a cloud application (Office 365, G Suite, Salesforce, etc.), a web portal, a VPN, or even a laptop (Windows logon) or a server.
- We replace customers’ passwords when they sign in to a mobile application or to a web portal (banking, healthcare, payment, bitcoin, etc.).
- We also replace passwords (and keys or badges or tickets) in all sign-in use cases in the physical world: connected cars, shared vehicles (cars, bikes, scooters…), autonomous vehicles, connected medical devices, physical access to residential or corporate buildings, DRM-protected resources, events … and other smart or connected “things” (IoT) and systems that need frictionless access control.
Convenient and secure alternatives to passwords
We replace passwords with device-dependent one-time passwords (OTP). Device-dependent means that we only authorize access requests issued from one of the user’s devices (computer, tablet, smartphone…). Someone who doesn’t have one of the user’s devices can’t get access, even if they know the user’s password. This works as an additional layer of security, which is why we speak of second-factor authentication. One-time means that it can’t be reused. Someone wanting to get access must have one of the user’s devices at the time of access – having been in possession of that device in the past is of no help.
See this page for more details on the available authentication methods: flavors of OTP such as SMS-OTP, push-based OTP, offline OTP, browser-based OTP, and in-App OTP. The page also details the user experience with the various 2FA options.
2-step verification, 2-factor authentication, local authorization
Depending on the application or access that you need to secure, you may choose among the following scenarios that inWebo supports:
- 2-step verification: if you use inWebo as an additional security layer implemented on top of your existing authentication infrastructure (Active Directory for instance), there’s probably no need to ask the user for a second secret. We therefore recommend configuring OTP to depend only on a trusted device; inWebo manages the second layer of authentication only.
- 2-factor authentication: alternatively, if you replace the complete authentication process with inWebo, we’ll take care of both layers, such as a user secret (not linked to the Active Directory password) and a user trusted device. You no longer need to store user credentials in your infrastructure.
- Local sign-in: this covers somewhat different use cases. A first category includes paired use cases where a user signs in to a computer using a smartphone and opens a local session or a session on a Windows domain. It also covers unpaired use cases where a user uses a smartphone to request access, within a specific usage context (time, duration…), to a shared object such as a rental car, a door lock, etc., and is granted authorization locally.
inWebo MFA platform and solutions
Providing an authentication technology (authentication methods & validation methods) only solves a tiny part of the questions faced by an organization deploying multi-factor authentication. inWebo solutions, implemented by our platform, consist of:
- Authentication methods for the users
- A dedicated authentication account for your organization on our platform
- Connectors and pre-integrated modules to link the applications needing MFA and the organization account
- Users and devices management tools: on-boarding workflow, support interface, usage logs
- A full API and a webconsole to configure and manage the organization account
- An optional directory synchronization tool to automate user management