Educause Security Discussion mailing list archives
SoundPass 2-factor auth
From: Steve Werby <smwerby () VCU EDU>
Date: Mon, 5 Apr 2010 08:58:27 -0400
Are any of you familiar with software token authentication technology called SoundPass (http://soundpasssecurity.com/) by a vendor named OHVA? Our CIO received a voicemail from them stating that Stanford University and Stanford Medical Center are implementing it. I've been able to find no independent information of substance about it (and it's apparently been around since 2007) and I can't find any indications that it's been deployed by anyone in higher ed. It makes the following claims (http://soundpasssecurity.com/?page_id=7), but it's not clear whether "combats" is synonymous with "prevents", to what extent it really mitigates the MITM attacks that are becoming prevalent in online banking account compromises and how this is actually done. - Combats phishing, trojans and man in the middle attacks because your customers don't know or control the token. - Combats man in the middle attacks because the token is monitored at both the server and your customer's PC. If you have experience with this solution, know any organizations (particularly higher ed) that do or have thoughts about it please let me know on or off-list. -- Steve Werby Information Security Officer Virginia Commonwealth University VCU Information Security - http://infosecurity.vcu.edu/ News, Tips & More - http://www.twitter.com/vcuinfosec Best Practices - http://infosecurity.vcu.edu/docs/infosecbp.pdf
Current thread:
- SoundPass 2-factor auth Steve Werby (Apr 05)
- <Possible follow-ups>
- Re: SoundPass 2-factor auth Dexter Caldwell (Apr 05)