Clientless Invisible Token – Web Browser Enabled
- True token-less technology
- Browser becomes a virtual token
- Works on any PC, Smart Phone or Tablet
- Low cost, easy deployment
- Dramatic reduction in help desk costs
- Anytime, Anywhere, Any Device
- No Key Fobs or Dongles to lose
- No Software installation required
- Convenient, adheres to corporate security policies
- OTP generated by the browser
- Single Sign On (SSO) to all your apps and resources
- Seed records are destroyed to prevent hacking
Hardware tokens in various forms have been introduced to mitigate the risk of password theft by introducing additional factors of authentication. Hardware tokens are well established, but are known to be very expensive to deploy and are easily forgotten since they are an additional device that the user needs to carry. In addition, software based tokens requires the user to download the software application from the app store and install it on their smart device. The software approach requires few steps which need to be accomplished before the user can start using their two-factor authentication.
Direct Risk Management (DRM) has developed and introduced the World’s First, “Invisible Token.” The Invisible Token uses proprietary technology to deliver the industries only token-less solution that delivers proprietary 2-Factor Authentication security via the LAN, Web and Cloud while transforming the users’ browser to act as a virtual token. The Invisible Token addresses the 4 biggest concerns with company’s adopting 2-Factor Authentication: ease of deployment, convenience, security and cost.
Ease of Deployment:
The Direct Authenticator Invisible Token is based on HTML5 and transforms your browser into an OTP-token that is independent of the platform. Your browser is enrolled when used for the first time with a patented technology that seamlessly configures your browser and integrates a OTP-token into it. The deployment process can re-use existing passwords and other information available in directory services.
End users can continue to use password-based authentication and existing passwords in directories such as LDAP or by using Active Directory. The OTP generated by the browser OTP-token is seamlessly sent as a background process when the end user logs in the first time and enters a code to activate the token. The user does not have to login for the rest of the day (and as much as 20 days based on your corporate security policy) even if the browser is closed. With our single sign on support, the user can have access via a resource portal to many applications without having to redundantly log in to each of them.
The OTP-token in the browser has a configurable life-time and is re-seeded each time the end user completes a successful login. If the end user loses their password, in e.g. a phishing attack, the attacker will still be unable to log on using the stolen password as they don’t have access to an activated browser. The Direct Authenticator Invisible Token is based on industry standards, uses HTML5 and OATH and runs on any platform that is HTML5 enabled.
Easy to Integrate:
The Direct Authenticator Invisible Token is easily integrated with any web-based application and service through an API. The Direct Authenticator Invisible Token is also integrated into the Direct Authenticator Access Manager.