Looks like Sun is working on using SMS phone messages to send out one time passwords to users. The one time passwords are intended as the additional factor in two-factor authentication. Of course, at $0.10+ per SMS message that's a bit pricey.
Lots of companies work deals with the mobile carriers for volume deals on number of minutes on employee phones, but I wonder how much SMS bundling is part of corporate telephony deals these days. If that is becoming common, then the price might be quite a bit cheaper than that.
This is kind of like our blog post on initiating phone calls directly from PeopleSoft to dial someone's phone and prompt them for a password, except we were doing at about a penny a call (even without corporate discounts; our procurement department here at Grey Sparling has not managed to twist the arms of the large phone companies into cutting us any special deals).
I think that you could scale the SMS delivery to a larger number of people though. The direct call model would require the capacity for initiating however many calls that you wanted to be able to handle simultaneous logins for. If you were a large university and you did this for PeopleSoft for class registration, you could get a large number of simultaneous authentication requests.
They are on the right track though; the use of the mobile phone as part of two-factor authentication is definitely the way things need to go. Whether that is SMS, automated voice calls or something else (IM from my mobile phone is pretty nice) or a combination of things remains to be seen though.
Labels: 2009, Security, Telephony
© 2011 Grey Heller Solutions.
All rights reserved.