How Can an Out of Band One Time Password Secure Information
Usually during the two-factor authentication process a one-time password is used to verify the user's identity. This secures authentication by requiring multiple criteria to be met, such as something you know and something you have: something you know is your traditional username and password, and something you have is your OTP, or one-time password. However, during transmission of this one-time password a hacker could still intercept the data to gain access if the OTP is not sent to an out-of-band network.
One-time passwords come in many forms, from something as simple as a sheet of codes to the more advanced proprietary key-generating tokens. Often, for information that is not an extremely high security risk, the OTP will be sent via email to the user for identification. This is not an out-of-band solution because the email can be received on the same network as the login panel.
The problem with sending the second factor in the authentication process to a solution that is not out-of-band is that easy-to-use and readily available software makes it easy to intercept information, including the user's one-time password. With an out-of-band solution the user would need to receive their OTP on a separate network from their login panel. One way is through proprietary tokens that generate dynamic one-time passwords. However, tokens can be pricey and can create havoc when lost or misplaced.
Another less expensive and more reliable device would be the user's mobile phone. Since we are a society that must be connected to our mobile phones constantly, a user will not forget their device and the chances of the device being broken are much lower. Also, the device's network is completely out-of-band from any login panel.
Securing authentication by sending the one-time password through an out-of-band network protects the user from malicious software as well as misplacement of their device. This makes it very hard for a novice hacker to gain access to confidential information or networks and ensures the user will receive their OTP when they need it.
The only way to become more secure once you already utilize an out-of-band OTP for two-factor authentication is if it is a zero footprint solution. Zero footprint authentications allow the one-time password to be sent without leaving any trace of the authentication or password behind on the device, ultimately securing the authentication process completely from internet- or network-based attacks.
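The server side of the out-of-band flow described above can be sketched as follows. This is an added example, not code from the original article; the `send_out_of_band` callback (standing in for an SMS gateway), the 120-second lifetime and the three-attempt limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 120   # assumed validity window
MAX_ATTEMPTS = 3        # assumed guess limit per issued code


class OutOfBandOtp:
    """Issues a one-time password for a login session and verifies it once."""

    def __init__(self, send_out_of_band, clock=time.time):
        self._send = send_out_of_band   # hypothetical second-channel callback
        self._clock = clock
        self._pending = {}              # session_id -> [salt, digest, expires, attempts]

    @staticmethod
    def _digest(salt, code):
        return hashlib.sha256(salt + code.encode()).digest()

    def issue(self, session_id, phone_number):
        code = f"{secrets.randbelow(10**6):06d}"   # 6 digits from a CSPRNG
        salt = secrets.token_bytes(16)
        # Only a salted hash is kept server-side, never the code itself.
        self._pending[session_id] = [salt, self._digest(salt, code),
                                     self._clock() + OTP_TTL_SECONDS, 0]
        # The code leaves only through the second channel; it is not
        # returned to the caller that renders the login panel.
        self._send(phone_number, code)

    def verify(self, session_id, submitted):
        entry = self._pending.get(session_id)
        if entry is None:
            return False
        salt, digest, expires, attempts = entry
        if self._clock() > expires or attempts >= MAX_ATTEMPTS:
            del self._pending[session_id]   # expired or guessed too often
            return False
        entry[3] += 1
        if hmac.compare_digest(digest, self._digest(salt, submitted)):
            del self._pending[session_id]   # one-time: consumed on success
            return True
        return False
```

Because `issue` returns nothing, a compromise of the login-panel channel alone does not reveal the code, and a captured code cannot be replayed after a successful login or after it expires.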
Legally obtain evidence and protect yourself through Digital Forensics
So you want to know what your spouse or partner has been up to? Do they delete text messages and other communication? Sure, there are programs out there that can be installed on the device, but you should know that it is illegal according to Title 18 of US Federal Law to take such actions. Therefore, if you need this evidence to protect yourself financially or to prove their infidelity in a court of law, this illegal intrusion will make the evidence inadmissible and you could face wiretapping charges.
By now, you’ve suspected your spouse or partner is cheating or you probably wouldn’t be reading this article. They’ve become more secretive when using their cell phone or computer and something doesn’t feel quite right. Perhaps they’ve placed a passcode on their device whereas before they’ve left it open for you to look at. Now they carry it into the bathroom with them when they take a shower or they duck around the corner to answer a call. The truth is that these are all possible signs of infidelity. It used to be “lipstick on the collar” was the number one sign… Today, it’s odd and obsessive cell phone behavior. As a committed partner in the relationship, YOU HAVE A RIGHT TO KNOW. I say that with conviction because some folks would have you believe that looking at your partner’s cell phone or computer activity is an invasion of their privacy. I would contend that if your spouse has been with someone else, their expectation of privacy has been diminished. Why? Because they have potentially put the health and well-being of you and the family in jeopardy. How? Well, for starters, they could contract an STD and pass it along to you. In addition, when a cheating spouse is seeing someone else, they typically spend jointly earned money on the paramour. This directly affects the financial situation of the home. Also, a relationship of this type puts undue strain on the marriage and adversely affects the children, if you have them. This is why I believe you should know.
But how do you go about getting the evidence you need legally? The answer is Digital Forensics. Digital Forensics is a process whereby a professional who has the equipment and the expertise can acquire logical and physical (deleted) data from electronic devices. It’s legal because you are NOT acquiring or intercepting live communication or communication in motion. Spyware or monitoring software does this exactly and can get you in a lot of trouble AND can potentially lose your case for you. You may have the answers by using this software, but it will be no good to you in legal proceedings. I must also warn you that most of the spyware available on the open market is difficult to install. NONE of them can be installed remotely – believe me when I say this. We have tested many of them. A “smart phone” (i.e. iPhone & Android) must be either “jailbroken” or “rooted” to allow these applications to be installed and work properly. This, in and of itself, is not always possible because the OS developers are constantly updating their firmware to prevent such applications from being installed. This is why your iPhone or Android seems to always have a software update. These updates are sent out to devices to patch these security flaws.
Now you’re asking yourself: “Well, how do I get my spouse’s device examined?”
The only way a device can be examined is by a professional with the tools and knowledge to acquire an image of the device’s memory. The professional must have physical possession of the device for a period of time to obtain the image. Digital Forensics cannot be done remotely on a cell phone. On computers, it can be done remotely, sometimes, although it’s not preferred.
If you ever find yourself in this situation, reach out to a professional like myself for advice and direction.