Tuesday, October 27, 2009

Additional Logon Security via Random Code Through SMS

An EMail I sent to the GMail Labs folks up at Google.

I read not too long ago on HackADay.com I read about an option that
certain companies use to add a layer of security to their remote email
logon. They enter a code provided by a key fob that changes every 60
seconds. It seems the code is based on a 128 encryption key that both
the key fob and the server have in common.
Story @ Hack A Day [dot] com


There are two possible approaches to this.

Option 1: Mobile Phone Synchronized Encryption App
An App could be written for various phones (iPhone, Pre, Android,
ect ... ) that work on the same concept of an encryption key. The user
could generate his own custom key, and enter it into his phone via SD
card, SMS, or EMail. This key would be unique to his account allowing
only him to log in. The code would change every few minutes and use
the cell network clock as the source.

Option 2: Randomly Generated Code sent via SMS
With the option of sending text to mobile phones from GMail through
the SMS option in Labs, A new code could be randomly generated and
sent to the user's phone via SMS. The code would include upper and
lower case letters, numbers, and special characters, just like any
good password should. Each code would only be valid for a few minutes
and logging on before the GMail server had received the request for
the code would be prohibited.

1 comment:

  1. Looks like Google has finally decided to use this.
    I sent them an email suggesting this the day of the original post.
    http://googleblog.blogspot.com/2011/02/advanced-sign-in-security-for-your.html

    ReplyDelete