m-Power Brings 2FA to Web Apps
May 6, 2014 Alex Woodie
The Heartbleed vulnerability in the OpenSSL encryption library has shocked the world by compromising many people’s supposedly secure and encrypted sessions over the past two years. Users who thought their transactions were secure were actually exposed, putting all of their sensitive passwords at risk.
The Heartbleed episode has given new thrust to alternative authentication mechanisms. The folks at mrc have responded by announcing that applications built with its m-Power tool can support two-factor authentication (2FA).
The new 2FA feature in m-Power works by using PIN numbers sent via SMS messages. “Any time a login attempt is made from an unrecognized computer,” the company says, “the application can automatically verify the user’s identity via another PIN number delivered to the verified phone. Without the correct pin number, the user cannot access the account.”
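The flow described above (password login, then an SMS PIN when the computer is not recognized) is shown here as an added Python example; it is not mrc's or m-Power's code. The class name `StepUpAuth`, the `send_sms` callback, the six-digit PIN, the five-minute lifetime, the three-attempt limit and the hashed device token are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

PIN_TTL = 300      # seconds a PIN stays valid (assumed value)
MAX_ATTEMPTS = 3   # wrong guesses allowed per PIN (assumed value)


class StepUpAuth:
    """Hypothetical second step run after the password check has passed."""

    def __init__(self, send_sms, clock=time.time):
        self.send_sms = send_sms  # callable(phone, text): stand-in for an SMS gateway
        self.clock = clock
        self.known = {}    # user -> set of SHA-256 hashes of device tokens
        self.pending = {}  # user -> [pin, expires_at, attempts_left]

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user, phone, device_token):
        """Return 'ok' for a recognized device, else send a PIN and return 'pin_required'."""
        if device_token and self._digest(device_token) in self.known.get(user, set()):
            return "ok"
        pin = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.randint
        self.pending[user] = [pin, self.clock() + PIN_TTL, MAX_ATTEMPTS]
        self.send_sms(phone, f"Your login PIN is {pin}")
        return "pin_required"

    def verify_pin(self, user, pin):
        """Return a new device token if the PIN is right, else None."""
        entry = self.pending.get(user)
        if entry is None:
            return None
        good, expires, left = entry
        expired = self.clock() > expires
        if expired or not hmac.compare_digest(pin.encode(), good.encode()):
            entry[2] = left - 1
            if expired or entry[2] <= 0:
                del self.pending[user]  # expired or guessed out: a new login is needed
            return None
        del self.pending[user]  # a PIN is single use
        token = secrets.token_urlsafe(32)  # the browser keeps this, e.g. in a cookie
        self.known.setdefault(user, set()).add(self._digest(token))
        return token
```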
The Chicago company also is boosting its password protection by encrypting passwords within m-Power. The company says it supports multiple password encryption methods and also supports the capability to automatically encrypt passwords.
Password encryption is seen as another layer in the security cocoon. If an organization stores user IDs and passwords in plain text, it runs the risk that all of them will become compromised if somebody gains unauthorized access to that server. However, if the authentication information is encrypted, it’s useless to hackers unless they also have the encryption key.
“As security threats evolve, Web applications must evolve right along with them,” Tyler Wassell, mrc’s manager of software development, says in a press release. “These new enhancements help m-Power users keep their data and their applications secure in an increasingly insecure world.”