Zero-Footprint Dynamic Passcode Authentication

Many have been lost in the multi-factor authentication lingo. Yes, it is simple to explain about a) what you know, b) what you have , c) what you are, and finally d) what you do; all processes assumed to be repeatable and inimitable.

First, when we move beyond the first factor, the end-user is now forced to carry or behave in certain way that does not trigger a false alarm with the authentication system leading to a certain degree of inconvenience.

Second, when it comes to online user authentication, there is indeed no physical verification of the type and origination of the response. The fundamental mode of operation is that all the extra factors (other than the 1st factor) are translated and transformed into a response that is echoed back to and verified at online authentication system. Thus, it is the end response that finally counts towards authentication and not how it is achieved.

Let us examine the goals and desirable characteristics of any online authentication system (solution). They can summarized as follows:

A tightly-coupled mutual assurance between the authentication server and the end-user
Shared secrets should be individual (user-centric) and sharing of such secrets among the end-users should be reasonably difficult
Response from the end-user should be ever-changing (dynamic) and ties it to the end-user
Ability to authorize/authenticate on a transaction (or access of resource) basis
Ease-of-use by the end-user and Ease-of-deployment (& maintenance) for the administrators

The first three in the above list ensure that the solution is resilient to Phishing and other password-stealing mechanisms. The latter two ensure that the solution is easy to implement, adopted by the end-users and real security is provided at a granular level balancing the convenience, while hackers won’t be able to piggy-back on their authenticated sessions.

Solutions that bring in the dynamicity in the end-user response with the help of mapping (transformational) virtual keyboards (& grids) using the underlying passwords are still susceptible to Phishing. The universality of such mapping mechanisms (keyboards/grids) make them vulnerable to Phishing through duplication of such mechanisms to deduce the underlying passwords. These do not meet some of the items (requirements) in the above list.

Finally, when it comes to out-of-band mechanisms such as phone factors where the access codes are delivered via SMS text messages, there are two compelling reasons to have a zero-footprint (client-side) authentication, viz.,

Online banking and other secure applications are increasingly being accessed and done through smart-phones. This would make cell-phones the main target of hacking for cyber thieves. As such one would need an extra out-of-band channel such as another cell-phone, to deliver access codes.
Time-sensitive applications would totally depend on service provider network’s ability to deliver the access codes in real-time.

Therefore, it would be more convenient and desirable to have a strong zero-footprint authentication meeting the specified requirements such that the authentication is device-agnostic. Not to mention the hassles of carrying usb-tokens/keyfobs and their maintenance costs.

Summary: A strong zero-footprint (client-side) solution that can meet all the above criteria and achieve a good balance of ease and convenience is highly desirable. Yes, it challenges the traditional thinking (at least in practice) zero-footprint solutions alone cannot deliver the desired online/remote end-user authentication.

I am not a technical geek; Explain what is iLogSafe that I can understand?

Can you pass on passwords and OTPs to hackers and still feel secure? Obviously “No”. With iLogsafe, even when hackers get your codes, your accounts are secured. Your exclusive iLogSafe codes are useless for hackers, providing a password-less hassle-free secure login.

I use faceId and Voice along with fingerprint and approvals on the app. Am I not secured?

The biometrics have been the mainstream when it comes to authenticating to the gadgets in our possession. But when it comes to online authentication, such authentication schemes fail to secure you from man-in-middle attacks as shown in the “app-based approvals” video.

Disclaimer: *copyrights belong to breakdev.org

I use super strong passwords, OTPs? Why do I need iLogSafe?

Passwords and OTPs were good until yesterday. With real-time interception and hacking (spoofing) your passwords and OTPs are now more vulnerable. Don’t take our word, following reinforce the fact that they are no longer secure.

I use public and private keys; am I not secure?

Yes, public and private key pairs are secure than passwords. However mobility across devices with keychains and webauthn are clunky at best with so many variant offerings. One can always replace public key and replace real user permanently;Read our article for more details HERE

Can you show the details of how my 2FA is vulnerable(contains hacker demo videos)?

The recent attacks as documented by Microsoft on more than 10K enterprises can be easily addressed by iLogSafe and for details please go Here

The following videos help you understand the risks.

Watch this if you currently use mobile app based approval as 2FA

Disclaimer: *copyrights belong to breakdev.org

How does iLogSafe secure my online accounts, money from hackers?

iLogSafe provides a frictionless and easy to use login codes that are locked up to your devices. The patented technology will enable detection of spoofing when someone else intercepts and submits codes. We are an industry standard and meet NIST AAL-3, which means your money and online accounts are hacker-safe.
If you are serious about securing your money and accounts from fraudsters, signup now for great early bird discounts (more than $150 value package)

Do I need to create another set of passwords etc.?

No. We are passwordless.
We don’t use any of your sensitive information such as biometrics nor any private information, including your cell phone details.
Our patented technology is fun to use and intuitive to understand. No teasing of your brain memory nor we ask to solve hair-pulling puzzles.
Your grandma can use this once the account is setup!

I got many more SaaS applications, can you secure them all?

Absolutely!
Below is a starter list. If your SaaS application is not in this list please fill out here
Our product team will work towards securing that app with iLogSafe.

Do I need to create multiple iLogSafe accounts for all the SaaS applications I need to protect?

No. One iLogSafe account can secure everything with our industry standard single-sign on and federation ; completely transparent to you and you just keep using your iLogSafe account.

What is the genesis of iLogSafe? Has this been tested?

iLogSafe is the culmination of years of hacking experience and cyber security management. Patents have been issued as a testimonial of the novelty and the utility of this unique technology pioneered by iLogSafe.

Easy to use and verify its security properties even by non-technical persons, scalable solution designed by a Ph.D. in computer science with CISSP/CISM certification, a regular speaker/presentor at several security conferences and who has successfully run Fortune 500 information security and risk management programs.

At the same time, even with such extensive information security expertise with iLogSafe team, we don’t relax; we are constantly plugged into latest cyber threats and move our program roadmap taking the latest hacks into account.

Our systems are constantly tested by real hacking from our pen-testing team and it goes through multiple checks on OWASP 10, Open API security standards through static and dynamic scans/testing.

Zero-Footprint Dynamic Passcode Authentication

Want to know magic with Anti-[Theft, Phish, Spoof, Bypass]?

Signup for Cybersecurity tips for Lawyers