Common ShieldPass Questions
Put simply ShieldPass is the most secure, most usable and most cost effective online authentication solution for your website.
Mobile based authentication is vulnerable to a host of different attacks which ShieldPass is not.
From traditional malware attacks to GSM vulnerabilities breaking mobile authentication can be as easy as calling the telecom company and falsly reporting the phone stolen so all incoming SMS are transfered to a different number.
One time password tokens such as those used by major banks are vulnerable to a variety of man in the middle attacks used by advanced hackers and malware.
ShieldPass enables the client administrator to encode specific transaction information into the challenges themselves and thereby preventing man in the middle attacks even if the user’s computer is completely compromised by an attacker.
No. The animated screen challenges are simply web images. This means that any ordinary browser on any device, laptop or mobile will display the challenges and enable you to authenticate even in the most high security enviroments where software, usb ports or mobile phones are not available.
The challenge pattern presented on the computer screen can easily be resized and moved around on the screen by the user. The size and position is then stored as a cookie in the user’s web browser or alternatively on the system server for future reference, so you only ever have to do it once.
The client account administrator can mark a particular card from their account as temporarily or permanently lost. Assigning a new access card can then be assigned to that user from the client control panel.
Settings include a traditional memorized password along with the ShieldPass card challenge which prevents an attacker from using a stolen or lost card.
A tint printed over the transparent ShieldPass key pattern makes casual video very difficult for a bystander. Your physical proximity security should always be considered seriously no matter what security action you are performing.
Malware could attempt to deduce the key pattern by intercepting the challenges and user keystrokes but they will not get enough data to do so even over the full life of the card.
From the start ShieldPass was designed to make this impractical senario impossible, the ShieldPass server itself assumes the worst including that this type of analysis is being done at all times and manipulates the challenges to eliminate the threat, wheather it is actually happening or not.
|© 2017 SecureLC Limited|