Going “Virtual”: The Sestus Alternative to Hardware Tokens and Software Certificates

On February 20th of this year, online security company Sestus announced the release of a foreign language version of its successful Virtual Token® multifactor authentication (MFA) product. The announcement coincided with the launch of the company’s re-designed website at http://www.sestus.com.

According to the company, its re-designed Virtual Token® MFA product is now “language-intelligent”, automatically switching to the user’s preferred language based on settings configured within the user’s internet browser. Initially released with support for both English and Spanish, additional languages can be quickly added using easily translated language pages.

Virtual Token® Multi-Factor Authentication (also called Two-Factor Authentication) is a ground-breaking security process that replaces traditional hardware tokens and software token systems with a stronger, more affordable, more user-friendly “virtual” token solution. Virtual Token® multifactor authentication is currently used by many notable organizations including the U.S. Department of the Treasury, R R Donnelley, The State of North Carolina, and Banorte Bank.

Unlike traditional hardware and software token approaches, Virtual Token® MFA does not require the user to install any software or carry any hardware. Instead, the process utilizes the user’s existing browser, retrieving what the company describes as a “digitally signed HASDL key” from the browser. This key is then authenticated against the connected device’s “fingerprint”. Once the key has been authenticated, the process exchanges a one-time-use random “virtual” token number with the device.

This groundbreaking solution provides a number of advantages over other MFA methods. No additional hardware must be carried and no additional software must be installed or configured by the end user. In addition, the user is not subjected to telephone calls or text messages when they wish to log in.

In what can only be called a strong endorsement of the Virtual Token® MFA approach, in June of 2011 the FFIEC issued updated guidance recommending all financial institutions begin using “complex device identification”. Although not identified by name within the guidance, the complex device identification process outlined by the FFIEC matches step-by-step Sestus’ proprietary and patent-pending Virtual Token® MFA process.

Perhaps the most significant aspects of Virtual Token® MFA is its extremely low total cost of ownership and its high user acceptance rates. In a Credit Union Journal study of multifactor authentication solutions deployed within the United States, Virtual Token® multifactor authentication was reported to have the lowest support costs and the highest user acceptance rates of all MFA products.

The U.S. Department of Homeland Security has twice recognized Sestus for this breakthrough in online security. Sestus has also received InfoWorld’s highest recognition, the InfoWorld 100 Award.

Virtual Token® MFA is a “true multifactor authentication” solution as defined by federal regulators. Organizations that have deployed Virtual Token® MFA have experienced a significant reduction in online fraud and identity theft without the increase in support costs typically associated with MFA. Users never disclose any personal information to use Virtual Token® MFA, making it both user-friendly and superior in terms of protecting user privacy.

For more information on Virtual Token® Multifactor Authentication, visit http://www.sestus.com.