Microsoft Hotmail has a new feature: Out of Band Authentication via cell phone SMS Text. They call it ‘single-use codes’:

    • Single-use codes
    • This new security feature is designed to further protect you when you sign in from a public computer, such as those found in internet cafés, airports, and coffee shops. When you request a single-use code, the code is sent via SMS to the phone number associated with your Windows Live ID. It acts as a one-time substitute for your password. By using a single-use code, you won't have to type your password into a public computer, thereby helping to prevent it from being stolen by key loggers and the like.

I’m all in favor of this new version of authentication. The key issue to note is that while this will thwart keylogging, a successful ZeuS Trojan browser injection will trick the user into giving up the one-time key. This out-of-band authentication compromise tactic was recently discussed by a research group working with APWG 2010 Thought Leader Dr. Laura Mather’s company, Silver Tail Systems.
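
A minimal server-side model of the single-use code described above, added here as an illustration and not Microsoft's implementation; the class name, 8-digit code length and 5-minute lifetime are assumptions. It shows why a keylogged code is worthless on replay, and why the server alone cannot tell the account owner from an injected page that relays a fresh code first.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 300  # seconds a code stays valid (assumed value)

class SingleUseCodes:
    """Hypothetical server-side store: one pending code per account."""

    def __init__(self, clock=time.time):
        self._pending = {}   # account -> (sha256 of code, expiry time)
        self._clock = clock

    def issue(self, account):
        """Create a code; the caller would deliver it by SMS (out of band)."""
        code = f"{secrets.randbelow(10**8):08d}"
        digest = hashlib.sha256(code.encode()).digest()
        self._pending[account] = (digest, self._clock() + CODE_TTL)
        return code

    def redeem(self, account, submitted):
        """Accept a code at most once, and only before it expires."""
        # pop() consumes the entry on the first attempt, right or wrong,
        # so a code can never be replayed or guessed at repeatedly.
        entry = self._pending.pop(account, None)
        if entry is None:
            return False
        digest, expiry = entry
        if self._clock() > expiry:
            return False
        candidate = hashlib.sha256(submitted.encode()).digest()
        return hmac.compare_digest(candidate, digest)

def demo():
    now = [1_000_000.0]                      # constructed clock for the demo
    store = SingleUseCodes(clock=lambda: now[0])
    account, results = "user@example.com", {}   # constructed account name
    code = store.issue(account)
    results["owner_login"] = store.redeem(account, code)
    # A keylogger on the public PC recorded `code`; replaying it later fails.
    results["keylogged_replay"] = store.redeem(account, code)
    stale = store.issue(account)             # an unused code dies after the TTL
    now[0] += CODE_TTL + 1
    results["expired"] = store.redeem(account, stale)
    # Residual risk from the post: the server only sees "a valid code arrived",
    # so a fresh code is accepted from whoever submits it first.
    fresh = store.issue(account)
    results["first_submitter_wins"] = store.redeem(account, fresh)
    return results

if __name__ == "__main__":
    print(demo())
```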

The threat is blunted with efforts like this and I applaud this type of security integration to get us past passwords. Maybe Terry Zink or some other hotshots over at MSFT will shake down with the low down on how measurably adopted and effective this is.

What’s your view? Do you think we’ll get around passwords constantly being compromised through the use of further SMS text-based authentication?

Securing Our eCity Contributing Writer