SoundPass 2-factor auth

[Steve Werby <smwerby () VCU EDU>]

Are any of you familiar with software token authentication technology
called SoundPass (http://soundpasssecurity.com/) by a vendor named
OHVA?  Our CIO received a voicemail from them stating that Stanford
University and Stanford Medical Center are implementing it.  I've been
able to find no independent information of substance about it (and it's
apparently been around since 2007) and I can't find any indications that
it's been deployed by anyone in higher ed.

It makes the following claims (http://soundpasssecurity.com/?page_id=7),
but it's not clear whether "combats" is synonymous with "prevents", to
what extent it really mitigates the MITM attacks that are becoming
prevalent in online banking account compromises and how this is actually
done.

- Combats phishing, trojans and man in the middle attacks because your
customers don't know or control the token.

- Combats man in the middle attacks because the token is monitored at
both the server and your customer's PC.

If you have experience with this solution, know any organizations
(particularly higher ed) that do or have thoughts about it please let me
know on or off-list.

--
Steve Werby
Information Security Officer
Virginia Commonwealth University
VCU Information Security - http://infosecurity.vcu.edu/
News, Tips & More - http://www.twitter.com/vcuinfosec
Best Practices - http://infosecurity.vcu.edu/docs/infosecbp.pdf