CertiVox, a leading provider of authentication and encryption software and services, today announces a mobile enhancement to M-Pin, allowing users to log into services on a PC using their own smartphone, eliminating security concerns around using different PCs. With over 93 million identities reportedly lost in 2012 alone by high profile organisations, M-Pin provides strong multi-factor authentication which is designed to replace the vulnerable username and password login system for digital services.
M-Pin is based on strong elliptic curve cryptography and delivers multi-factor authentication for websites, enterprise and mobile applications, using HTML5 web apps, meaning no browser plug-ins or software is required. The M-Pin platform removes the need for username/password combinations, often the target of choice for hackers, instead giving the end user a four digit PIN to enter for access to content and services. The M-Pin mobile client also alleviates concerns about accessing services from a PC not under a user’s control, by allowing login through the users’ smartphone.
M-Pin is able to eliminate usernames and passwords as an authentication mechanism entirely, and removes the largest cyber-security threat, the password database. Authentication is performed between the M-Pin Client and the M-Pin Authentication Server using the M-Pin Protocol, a zero knowledge proof construct. The result is that the M-Pin server has just one leakproof cryptographic key, which if compromised or stolen reveals nothing about users in an enterprise or your web application. In addition, M-Pin operates on a principle of distributed trust, whereby the root key generators are split between CertiVox’s servers and those belonging to the client, meaning that any attack would have to compromise both of these systems to have any chance of being successful.
Brian Spector, CEO, CertiVox comments, “The response of many companies to the increasing threat to usernames and passwords is to add additional layers of security. However these measures often frustrate users as they diminish the ease of use and experience of some services, and they do not solve the problem. The inherent problems with storing such complete information on one server and the fact that many users tend to use the same password across multiple online accounts also shows that it is time for companies to move beyond username and passwords. M-Pin offers an advanced, easy-to-use and cost effective solution to this problem, eliminating the inherent vulnerability – the username and password database.”
Eckhard Freund, Manager Infrastructure Europe at Dematic, a global logistics and materials handling company, made the following comments on their selection of M-Pin: “We chose M-Pin as part of our initiative to bring VPN and network services within our organisation, as we were impressed by the reinforced security that we are afforded by the product. We found M-Pin easy to deploy and work into our redesigned system architecture, and due to the success of the project we are considering extending M-Pin to cover our customer portal.”
 Symantec Internet Security Threat Report, 2013
Service Delivery Executive
Tel: +44 (0)1522 883640