With increasing computing capabilities and more and more services moving online, security has become increasingly important. Username and password serves as a base level of authentication security, but services are now moving to two-factor authentication, token based authentication, and/or alternative forms of authentication. Using not only what a user knows as an authentication layer (e.g., a username and password), but also what the user has (e.g., two-factor authentication and token authentication), has seen increased popularity with smart phones and other mobile computing devices. Two-factor authentication, in particular, can involve a phone or device to be registered to a particular user.
Two-factor authentication can involve enrolling a device to be used as an authentication device, such as a mobile phone. In some cases, the authentication can be tied to an authentication application on that device. However, without that device, a legitimate user loses the ability to be authorized. If a phone is lost or an authorization application is uninstalled, a new authentication device may need to be re-enrolled. This process can be cumbersome and potentially a security threat. In one possible option, re-enrolling can require contacting an IT admin to change the device. However, this process cannot only be slow and inconvenient but is vulnerable to social engineering forms of exploitation. Another form of re-enrollment might be to use a pin code to re-enroll the device/application, but then this pin code becomes a vulnerability to the authentication security.
Thus, there is a need in the authentication field to create a new and useful system and method for verifying status of an authentication device. This invention provides such a new and useful system and method.