SMS-Based Multi-Factor Authenticator

Overview of SMS-Based Authentication

  • Developed by Known Access
  • It is a Multi-Factor Authentication (MFA) method
  • Users must be assigned the SMS-based service
  • The user’s phone must be associated with the service
  • It works with the Known Access Security System
  • Using SMS, users can request a token
  • When a user logs in with only one factor, a token is pushed
  • Each token consists of 7 numeric or alpha-numeric characters
  • Each token is valid for a limited duration
  • Users can use the SMS token only once to authenticate
  • Any attempt to reuse a token will fail
  • Each authentication attempt is audited
  • Any attempt to authenticate using a token that is outside the acceptable window (configurable) will fail.
  • Users are suspended when successive invalid attempts are detected

SMS Assignment

  • Administrators can assign SMS service to a user
  • Users must have SMS service associated with their mobile phone
  • Security administrators can associate SMS service with the user’s phone number
  • Users are allowed to have a backup phone
  • No app is required on the user’s phone for this service
  • Users do not have to go through any registration process
  • A particular phone number can only be associated with one user
  • SMS management lifecycle software is provided with the products & services

How to Enable, Disable & Manage Stolen Phones

  • Administrators can very easily unassign a phone number from a user
  • The SMS service of a user can be disabled
  • You can enable a user’s SMS service
  • You can disable a user’s phone number when the phone is stolen or misplaced
  • You can enable a user’s phone number when the phone is found
  • When two phones are assigned to a user, the user can disable one of the phones from the other (phone lost)
  • Similarly, the user can enable one of the phones from the other (phone found)
  • Users can get information about their latest activities

How to Authenticate using SMS

  • You will be given a phone number and keywords to use the SMS service
  • You can request a token by texting “Token” to a pre-defined phone number
  • Each time, you will get a unique one-time password (token)
  • At the time of initial user configuration, a temporary codeword is issued to the user; it must be used together with the SMS token
  • SMS users must log in using the assigned UserID and passcode (temporary codeword followed by SMS token)
  • If the authentication is successful, the user is asked to change the temporary codeword
  • A user authenticating with a suspended phone will not be successful
  • SMS tokens have a limited life. Each token must be used within that interval
  • Any SMS token issued earlier than the most recently used one will fail
  • If a user logs in with a UserID and codeword but without the SMS token, a token is pushed to the user. After entering the token correctly, the user is successfully authenticated
  • Using SMS, users can enable/disable their 2nd phone
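
The token rules listed above (single use, limited life, older tokens rejected once a newer one has been used, suspension after successive failures, passcode made of codeword followed by token), sketched as an added example that is not Known Access code. The class, method and result names, the 300-second window and the three-failure threshold are assumptions; the push flow for a codeword-only login is not modelled.

```python
import hashlib, hmac, secrets, string

TOKEN_LEN = 7        # from the page: 7 numeric or alphanumeric characters
TOKEN_TTL = 300      # assumed validity window in seconds (page: configurable)
MAX_FAILURES = 3     # assumed lockout threshold (page gives no number)

def _kdf(codeword, salt):
    # Store only a salted hash of the codeword, never the codeword itself.
    return hashlib.pbkdf2_hmac("sha256", codeword.encode(), salt, 100_000)

class SmsUser:                      # hypothetical name, one instance per user
    def __init__(self, codeword):
        self.salt = secrets.token_bytes(16)
        self.codeword_hash = _kdf(codeword, self.salt)
        self.tokens = []            # each entry: [value, issued_at, used]
        self.last_used_issue = -1   # issue time of the most recently used token
        self.failures, self.suspended, self.audit = 0, False, []

    def issue_token(self, now):
        chars = string.ascii_uppercase + string.digits
        value = "".join(secrets.choice(chars) for _ in range(TOKEN_LEN))
        self.tokens.append([value, now, False])
        return value                # a real service sends this by SMS

    def authenticate(self, passcode, now):
        # Result codes go to the audit log; show the user one generic failure.
        result = "suspended" if self.suspended else self._check(passcode, now)
        self.audit.append((now, result))
        if result == "ok":
            self.failures = 0
        elif result != "suspended":
            self.failures += 1
            self.suspended = self.failures >= MAX_FAILURES
        return result

    def _check(self, passcode, now):
        codeword, supplied = passcode[:-TOKEN_LEN], passcode[-TOKEN_LEN:]
        if not hmac.compare_digest(_kdf(codeword, self.salt), self.codeword_hash):
            return "bad_codeword"
        for tok in self.tokens:
            if hmac.compare_digest(supplied.encode(), tok[0].encode()):
                if tok[2]:
                    return "reused"
                if now - tok[1] > TOKEN_TTL:
                    return "expired"
                if tok[1] < self.last_used_issue:
                    return "superseded"
                tok[2], self.last_used_issue = True, tok[1]
                return "ok"
        return "bad_token"
```

Times are passed in as plain seconds so the expiry and ordering rules can be exercised without waiting; a deployment would use the server clock.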

Different States of an SMS User

  • SMS Service Not-Assigned
  • Assigned – User is allowed to use the SMS service
  • Phone Disabled – Administrators as well as users can disable phones
  • Service suspended – Cannot use the SMS service for authentication

Troubleshooting

  • If you get an unrecognizable passcode (codeword + SMS token) then make sure the user is using the right codeword
  • Use of a disabled phone for SMS will result in authentication failure
  • Use of SMS token without codeword will result in failure
  • Use of right SMS token with wrong codeword will result in failure
  • Make sure the user is using the token within the specified time. After a few minutes (settable) the tokens expire
  • Make sure the user is using the phone that is configured in the database
  • Use of wrong codeword with correct SMS token will result in failure