Two-factor authentication (2FA) is a security process in which the user provides two means of identification, one of which is typically a physical token, and the other of which is typically something memorized (a security code). The most common example of two-factor authentication is a bank Debit card: the card itself is the physical Token and the personal identification number (PIN) is the Security Data. Only when the user clears both the Authentications, he's allowed to access the information or take action.
In recent past, the company has won major recognitions - Finalist in NASSCOM - DSCI Excellence Awards 2012, NASSCOM Emerge 50 2012 Award and NASSCOM IP4Biz Award 2012. Tech24Hours had the unique opportunity to interview Mr. Pavan Thatha CEO and Co-Founder of ArrayShield. We hope you enjoy this interview as much as we did.
 |
| Pavan Thatha Co Founder and CEO at ArrayShield |
A. One time password through mobile SMS has issues of delay and dependence of service provider coverage and issues like international roaming. It has been proven that tokens are susceptible to session hijack using real time replay attack to take over from a user and do the transaction using his credential and password within the 60 sec time validity of password from token. PCQuest recent review confirms this with its conclusion stating ArrayShield offers most secure authentication amongst available solutions.
http://www.arrayshield.com/arrayshield-product-review-in-pcquest
Q. Two Factor Authentication is visible to common man in electronic computer authentication, implemented in password, PIN, ATM card, smart card, car keys, and at more advanced levels in bio-metric characteristic, such as a fingerprint. Is there a real understanding and importance of Two Factor Authentication among service providers (banks, law enforcement etc.) and users(customers)?
A. Service provider initiatives are driven by regulators like RBI, SEBI guidelines. RBI,SEBI does recommend 2FA but it is still left to Service provider to interpret 2FA which results in many deployments of 2FA which are NOT really 2nd factor of authentication. Using two levels of password, password through virtual keyboard are not really 2FA. One time password through mobile in addition to user name and password comes close but has its own challenges of delay, service provider coverage, etc. Token’s which generate pass codes are expensive and not convenient for users to carry all the time. Users hence have no choice but to use the 2FA offering provided by the service provider.
Q. To what extent "pattern based Two Factor Authentication" secures a bank account or a smart card access?
A. ArrayShield’s pattern based Two Factor Authentication secures enterprise application access, online banking transactions through its innovative, affordable, easy to deploy, use and carry pattern based authentication that ensure only authorized users are allowed access.
Q. How big is "Two Factor Authentication" and "pattern based Two Factor Authentication" market in India?
A. Now Two Factor Authentication is considered a must to have solution like an antivirus, firewall by most of the organizations. Traditional enterprise market for 2FA (2 Factor Authentication) in India is around 25 million USD (approx. 138 crore Rupees) and growing at 20% CAGR (Compound Annual Growth Rate). The market size will see dramatic change with SaaS (Software as a Service), Cloud (Information is Stored in Remote servers), and hosted model gaining tremendous traction. More and more people are working outside perimeter requiring authentication. Merely depending only on users’ password strength to allow applications like email, ERP (Enterprise Resource Planning), CRM (Customer Relationship Management) access from outside are too risky for business of any size. Affordable, easy to deploy/use offering comprehensive 2FA will expand 2FA market faster than ever before.
About ArrayShield
ArrayShield Technologies, is provider of innovative Pattern based Two Factor Authentication Solutions. ArrayShield is recognized as one of the Top 100 fastest growing companies in Asia by RedHerring and was conferred RedHerring 100 Asia Award in year 2011. ArrayShield’s patent protected technology has won multiple awards and recognitions at global level for its pioneering innovation. ArrayShield is a member of NASSCOM, the apex body of the Indian Software Industry and also actively contributes to events organized by ISACA and DSCI (Data Security Council of India).
--------
No comments
Post a Comment