e-Authentication Methods
SMS based Authentication
SMS is used as a delivery channel for a one-time password generated by information system. The user receives the password by reading the message in the cell phone, and types back the password to complete the authentication. The unique identification of the SIM card effectively enables the cell phone owner to possess an authentication token, which can be registered and used by different applications. SMS is an effective means for places where cell phones are widely used in the community.
SMS can also be used as an out-of-band authentication mechanism for protection against man-in-the-middle (MITM) attacks. If the MITM makes use of a faked website in the Internet to intercept sensitive information, SMS (which does not pass through the Internet) can be used as an out-of-band channel to confirm the authentication or transactional information. As the MITM cannot obtain the SMS information through the Internet, the attack will become unsuccessful.
Since SMS is a ubiquitous communication channel available in most mobile handsets, SMS based authentication has the advantage that it does not require the users to carry extra portable device when compared with other possession-based authentication devices such as OTP tokens or smart cards. When used with the password authentication, the SMS provides a simple solution for two-factor authentication.
|