Companies are enlisting smartphones as another layer of protection, say security professionals, because they are cheaper and their widespread popularity makes it easier for firms to reach a broad swath of customers.
Software can turn smartphones into security tokens that spit out new passwords frequently like RSA’s popular SecurID key fobs.
Companies are taking a closer look at how they guard access to data after hackers broke into RSA, Hopkinton-based EMC Corp.’s security division, and used the stolen information to hack into computer networks at defense contractor Lockheed Martin Corp.
Adding to the urgency are new federal guidelines that require financial institutions to tighten security around online banking.
Lenders, such as Bank of America Corp. and JPMorgan Chase & Co., already send texts to consumers on their mobile phones.
These messages may notify credit card users of account activity or flag big ticket purchases; consumers may also use their smartphones to pay bills.
But a smartphone can do more, say security professionals. Using one like a security key fob is as simple as downloading an app, said Brendon Wilson, a senior product marketing manager of user authentication at Symantec Corp., a computer security software maker in Mountain View, Calif. “And for the company, there’s no expenditure on a separate token.’’
This allows companies to do away with traditional physical tokens, such as SecurID key fobs. After the March data breach, RSA offered to replace a portion of the SecurID tokens or provide security monitoring. The company said some customers are showing an appetite to replace their security tokens with virtual ones on smartphones.
The cyberattack on RSA had a silver lining. It fueled “new conversations with customers, and it’s not a conversation on just security tokens - it’s a conversation on security,’’ said Sean Brady, director of RSA’s identity management and protection group. “We are at a market inflection point for companies as they review user identification strategies.’’
Read more at: http://www.boston.com/business/technology/articles/2011/08/03/firms_enlist_smartphones_to_provide_cyber_security/