Web based strong multi-factor authentication

Why you should use strong authentication

Multiplication of online resources protected by a simple password has led users to share a few passwords accross multiple sites, to write down such passwords, and to choose them as simple as possible (i.e as authorized). At the same time, sites have been forced to propose weak - but cumbersome - password recovery mechanisms. All this made passwords relatively easy to hack, and identity theft has become a reality. Financial and psychological - loss of trust - consequences are huge and identity theft is on healines whenever a wellknown company or person is touched. This is only the visible part of it. 

Preventing identity theft requires strong authentication with a proper legal framework.

Strong authentication is in particular multi-factor ("what I have", what I know"...): identity theft requires stealing all factors. However, non of these factors transits on the web, strong authentication is therefore a technical protection against identity theft. If the user is made responsible for his usage of his security tools (thourgh his work contract and/or through terms and conditions), legal risks are also covered.

Confidentiality, non-disputability, fraud prevention: these are the benefits of strong authentication for your activity.

Strong authentication pitfalls

Adapt means to ends, costs to risks. This is the main issue with traditional strong authentication solutions - smartcards and readers, code displays, keychain tokens. These solutions are extremely costly (really unaffordable for services providers in the Consumer market), but also very unconvenient to use by users and customers. Indeed, as users and customers do not bear the risk of identity theft, they are not keen on doing cumbersome operations to avoid this risk.

Another major pitfall is the use of security solutions that do not bring real security. Indeed, without proven security, a security solution brings no obvious benefits. This is, unfortunately, the case of hardwareless popular solutions - though less expensive -, notably soft-tokens for mobile, TAN/grid solutions with 'hidden path', etc.

SMS-OTP (one-time codes sent by SMS) and call authentication are a compromise: initial investment is quite low, but direct costs of sending high volumes of SMS may become huge. Also, security is average, as identity theft in the mobile number managing process (e.g.via hotlines) allows to completely bypass the protection. In a way, there is no real "what I have" factor, nor "what I know" factor.

How In-Webo is changing the game

As mentioned, with traditional technologies, removing hardware secure elements dramatically reduces security. This is a typical technological bottleneck.

Creating In-Webo Technologies in 2008 aimed at solving this bottleneck, in order to be able to design solutions that meet simultaneously the requirements for strong authentication adoption by the market-place:

• Low costs made possible by No-hardware solutions: no equipment to purchase or distribute
• Ease-of-use thanks to a tight integration of security in user processes, this integration being in turn made possible by No-hardware solutions
• Flexibility and easy setup
• High security

After several years of R&D and product development leading to 3 patents and patent-pending applications, these conditions are now all met. In particular, In-Webo solutions and products benefit from the authentication technologies designed in our labs. This is indicated with the "Secured by In-Webo" logo.

Customer benefits

In-Webo is a pure-player of strong authentication, addressing following markets:

• Enterprises and SaaS B2B Services Providers
• Service Providers for the Consumer market

Our solutions do enable a multi-environment (computers, smartphones, tablets, etc.) access control for your services and applications (VPN, webmail, SaaS applications, Extranets, etc.). In-Webo solutions are available, highly secured, and run on high-availability infrastructures operated by In-Webo. Such solutions are extremely easy to setup and use. They are proposed with business models matching the level of risks they cover.