As the Internet grows ever larger, the need for stronger authentication becomes more important. Name and password authentication mechanisms do not provide the full level of user validation that is needed. As a result, multifactor authentication is used in many instances in the industry to fill this need for stronger authentication. However, the problem with most multifactor authentication mechanisms is that they require more interaction (input or attention) from the end user. Moreover, each time data entry is required from the user, errors are introduced and the solution becomes less appealing to the end user.
Multifactor authentication is typically provided with at least two of three authentication factors. The three factors are: 1) “what you know,” 2) “what you are,” and 3) “what you have.” Name and password credentials are a case of “what you know” (1). Furthermore, there are many hardware devices that are used to fill the need of “what you have” (3). The problem with hardware devices providing “what you have” (3) is that they require the end user to carry another device, such as a hardware token. That problem can be solved by an end user using his/her mobile device (iPad®, iPhone®, Android, etc.) as a hardware token, but this actually causes yet another problem. Specifically, the end user must have special hardware and/or software on his/her desktop to interface with his/her mobile device (hardware), or he/she must enter information read from the desktop screen into the mobile device. This means that the end user must first type his/her name and password into the desktop; then read a “challenge” presented on the screen; type an answer to the “challenge” into the mobile device; read the response on the mobile device; and then type the response into the desktop interface as an appropriate response. In some situations, processing steps can be removed, but not all of the steps can be removed with the current state of technology. Essentially, the end user is the go-between of the mobile device and the login prompt of the desktop interface.
Moreover, in the above-discussed scenario, at no point in time is there any assurance that the mobile device of the end user is in close proximity to the desktop. The response to the “challenge question” sent from the desktop interface to the mobile device can be remotely provided to someone at the desktop, who may not even be the end user.
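
The go-between procedure and the missing proximity assurance described above, as an added Python example that is not part of the original text. The HMAC-based response, the `DesktopLogin` class and every other name here are assumptions for illustration; the text does not specify how the response is computed.

```python
import hashlib
import hmac
import secrets

def token_response(key: bytes, challenge: str, digits: int = 6) -> str:
    """Mobile device: short code a person can retype (RFC 4226-style truncation)."""
    mac = hmac.new(key, challenge.encode(), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"

def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class DesktopLogin:
    """Desktop login prompt plus its verifier (hypothetical, for illustration)."""

    def __init__(self):
        self.users = {}    # name -> (salt, password hash, token key)
        self.pending = {}  # name -> outstanding one-time challenge

    def enroll(self, name: str, password: str) -> bytes:
        salt, key = secrets.token_bytes(16), secrets.token_bytes(32)
        self.users[name] = (salt, _pw_hash(password, salt), key)
        return key         # provisioned onto the user's mobile device

    def start(self, name: str, password: str):
        """First step: name and password; on success a challenge is displayed."""
        rec = self.users.get(name)
        if rec is None or not hmac.compare_digest(rec[1], _pw_hash(password, rec[0])):
            return None
        self.pending[name] = f"{secrets.randbelow(10 ** 8):08d}"
        return self.pending[name]

    def finish(self, name: str, typed_response: str) -> bool:
        """Last step: check the typed response; each challenge is single use."""
        challenge = self.pending.pop(name, None)
        if challenge is None:
            return False
        expected = token_response(self.users[name][2], challenge)
        return hmac.compare_digest(expected, typed_response)

def login_via_go_between(desk, name, password, device_key, device_location):
    """The person at the desktop carries challenge and response by hand.
    device_location is deliberately unused: finish() never receives it."""
    challenge = desk.start(name, password)
    if challenge is None:
        return False
    return desk.finish(name, token_response(device_key, challenge))
```

The verifier sees only the name, the password and the typed digits, so nothing in its inputs ties the device to the desktop.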