Why is SnapID™ more secure than other authentication systems?

Every cell phone ever manufactured contains a unique device identifier (a “UDID”) that serves as the “fingerprint” of that device.  While hacking or spoofing may work on common two-factor authentication systems because they receive, not send, text messages, the SnapID™ system eliminates this hacking by using the fingerprint of the phone to verify that the message is being sent by a legitimately authorized phone and not a "spoofed" number.  A text message cannot be sent into the SnapID™ system without the cell phone carrying the correct UDID. 

Furthermore, two-factor authentication systems rely on information being input into a browser by a user.  Typically someone using a cell phone receives a text message containing an authorization code and then must enter the code that appears on the token or cell phone’s screen into a field on the webpage.   By definition this opens the process to “man-in-the-middle” (MITM) or “man-in-the- browser” (MITB) attacks that compromise the security of the entire process.

SnapID™ uses a patented process that completely eliminates any information being entered into, or shared through the browser.  All communication occurs on a secure server-to-server connection outside of the browser environment and thus excludes, by definition, any possibility of MITM or MITB attacks. 

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.
Powered by Zendesk