SMS & Authentication: Security ConcernsEntrust's Taylor on the Need to Exceed SMS-Based OTP
India's high mobile penetration has meant a widespread adoption of SMS as a channel for two-factor authentication. Unlike developed economies, where the cost of text-based notification services may be high, India's competitive and booming telecom sector has ensured that SMS is the preferred channel for mobile banking and one-time passwords - even in the pre-smartphone era.
However, using the SMS channel today for two-factor authentication is suitable only for transactions that require a low level of assurance, says Chris Taylor, senior product manager for Entrust Datacard. "There are regions of the world that have moved away from the SMS channel because of vulnerabilities like SMS redirect, Zeus, Zitmo, etc., including many countries in the Asian region," he says.
With Digital India's plans for financial inclusion of India's unbanked millions, mobile-based services have been indicated to be the preferred channel for extending and creating services. With SMS expected to be at the forefront of such initiatives, security is an important challenge to consider.
On the enterprise side, there is still a high prevalence of username and password to establish identity, which is something enterprises will have to take into account as they move toward a more effective Identity and Access Management frameworks, Taylor says.
Taylor was in India to speak at a knowledge conclave organized by Information Security Media Group on securing digital identities. In this exclusive interview, he talks about some of the challenges facing the security landscape globally, drawing parallels in India, and stresses the need for stronger authentication and built-in security. Taylor also shares insight on:
- The challenges in implementing IAM and recommendations;
- Managing threats in the cloud;
- How to manage outsourced and third-party security.
Taylor is Senior Product Manager at Entrust Datacard, managing the Entrust IdentityGuard product line - the company's flagship authentication platform. He specializes in many facets of identity-based security spanning strong authentication, mobile, cloud, smartcard technology and digital certificates. His engagement with customers, partners and industry analysts on market direction and technology trends is a top priority and Taylor is a frequent speaker at security and industry-specific events.