If you’ve ever suffered from fraud on the Internet, you’ll know how important it is to use decent passwords, keep them safe, and watch out for phishing activities. Unfortunately, a simple password isn’t always the best way to protect yourself online. Many banks are now starting to use two-factor authentication, a system requiring a dongle that generates a coded number before you’re able to access accounts online.
This concept has today been extended to mobile devices by VeriSign (s vrsn), with the launch of VeriSign Identity Protection (VIP) for the iPhone. This free application will act as a security dongle, generating a coded number that can be entered for additional security on various web sites.
This “two-factor authentication” process is a first for a device such as the iPhone. The first factor is something you know — a username and password. The second factor is something you have, namely the code provided via your iPhone. It greatly enhances security and means that, for a thief, simply knowing your password is not enough.
Setting up VIP
To get started setting up the VIP software up on your iPhone, begin by downloading it from the App Store. The app is free, and relatively straight forward to install and configure.
When launching for the first time, you’re asked for your mobile phone number. This is used to send a text message to you, linking a particular phone number with your iPhone. After the setup process is complete, you’re able to flick through the introductory documentation, watch a tutorial video of how the service works, or dive straight into setting up the VIP service on participating web sites.
The documentation is particularly good, clearly setting out the process you need to follow to register your iPhone as a VIP Credential on various member sites. Also available is a handy FAQ, which covered the majority of questions I had about the service.
There are no settings or configuration options in the app, other than the ability to hide or display your device ID. Everything is kept as simple to use as possible.
Web Sites Supported
At present, the VIP service is supported by just over 40 web sites. The most notable partners are PayPal, eBay (s ebay), AOL, and various banking organizations. A short list can be found at VeriSign’s Where to Use page.
Each web site you’d like to use the authentication for requires an individual set-up process, generally involving logging into your account and entering a few additional details.
The first service I set the software up for was PayPal. After logging in, the page to activate VIP can be found via My Profile > Security Key. After selecting to activate a VeriSign device, you are asked to enter the unique iPhone ID, and two security codes generated by the app (the code changes every 30 seconds).
Immediately after doing this, the service is activated.
During your next login you’ll be asked for a username and password as normal, followed by the random code from your iPhone. If you decide in the future that you’d like to deactivate the feature, it’s simple to do so from the same PayPal page.
Hopefully, services such as this will go a long way towards increasing consumer confidence with shopping and banking online. VeriSign certainly feels this is the case:
A recent survey found that 86 percent of consumers prefer sites that enable proactive security measures such as two-factor authentication. Meanwhile, 68 percent said they would like better systems in place to protect their identities.
As more web sites and online services move to support this security standard, I imagine its popularity will grow. The idea of using your iPhone as an additional layer of authentication for web site access is convenient and appealing. At present, no UK banking institutions use VeriSign as a partner so — for now — I’m stuck with a few different authentication devices.
I can’t fault the implementation of this service; setting everything up is very simple and straightforward. The only complaint I have is the lack of publicity it seems to have received. Until reading about the iPhone application, I hadn’t been aware that a two-factor authentication system was available for PayPal, eBay, or any of the other supported sites. This is a great way to improve security, and letting more people know about the facility would seem like a logical move. With all the publicity surrounding the dangers of phishing, I’m surprised that this service hasn’t been offered greater acclaim as a solution.
If you’re interested in finding out more, I recommend watching the introductory video on eBay, which provides a decent overview of how the service works. To get started straight away, head over to the App Store and download the VIP software.
I’m interested to know your thoughts. How security conscious are you? Is this solution one that you’ll try out immediately, or are you happy with the tried and tested username and password combination?