At the end of last week, I did a write-up on how we are extending OpenSSO to include Service-Level Monitoring. Today I'd like to talk about 1x Password capabilities that we are adding to OpenSSO.
One time passwords are used when an organization wants a higher level of authentication for users trying to access a web application. That is, they want to require a second way to authenticate users, such as a physical token card, besides simply entering a user name and password. This is commonly seen in the financial services sector when trying to access bank accounts or when accessing a corporate intranet remotely.
The challenge with physical token cards is that they tend to be expensive to purchase and disseminate. As an alternative, we are in the process of adding capabilities to OpenSSO that allows a user to obtain a 1x password via your mobile phone (i.e. - using SMS text messages). This is not a replacement for traditional multi-factor authentication solutions, but rather a lightweight alternative for those that don't want to buy a robust offering to complement their web access management solution. The key benefit of this solution is that organizations will be able to lower operational expenses by allowing consumers to use their cell phones as a physical token device rather than buying a separate piece of hardware.
Above is a video of what we are building. The solution uses Open Authentication (OATH) to do standards-based strong authentication. It's still rough, but this will give you a taste of what we are building.