 Online
authentication, the process of remotely identifying and
verifying users, is an integral part of IronKey's security
architecture. As it pertains to computer security,
authentication works to verify a user based on his digital
identity credentials.
IronKey brings a whole new level of authentication to your
Internet experience, giving you the upper hand in the
cybersecurity arms race.
Password Protection:
It starts with the onboard IronKey Password Manager. As
you visit your online sites, the Password Manager will ask
you if you want it to remember your usernames and passwords.
These are then stored with hardware encryption on the
IronKey drive.
When you wish to log back into one of your accounts, the
Password Manager compares the website that you are visiting
with the website where you originally entered your password.
If they match, the Password Manager enters your password for
you without you having to type it in. If they do not match,
then you may be on a phishing site, and the Password Manager
will not enter the password for you.
This gives you simple but effective protection against
phishing attacks and spyware that tracks your keystrokes.
Strong Authentication:
Your IronKey supports advanced cryptographic
authentication using strong PKI key pairs generated in the
IronKey Cryptochip. When you log into my.ironkey.com from
your device, it uses these unique keys as your digital
identity credentials. This locks down your account so that
you must have both your IronKey and your password in order
to gain access. In other words, no one but you can access
your online IronKey account, even if someone stole your
IronKey or your password. As banks and other websites begin
to deploy two-factor authentication, they will allow you to
use a username, password, and an IronKey or other
authentication device to ensure that only you can log into
your account.
Secure Access to my.ironkey.com:
You can manage your IronKeys and security settings on
my.ironkey.com. The my.ironkey.com website requires strong
authentication for full access. This ensures that people cannot
get onto your account without having your password AND your
IronKey. In the event that you ever lose your IronKey, you can
still access the site in Safe Mode: a restricted mode with
limited functionality. This is useful for marking your IronKey
as lost, or recovering a forgotten password.
Accessing my.ironkey.com without your IronKey entails
additional authentication methods used at some of the world's
largest financial institutions:
- Mutual Authentication - Mutual authentication,
where a secret image and phrase are shown before you enter
your password, is used to assure you that you are at the
actual IronKey site and not a phishing site. Similarly, all
emails sent to you regarding your IronKey account use mutual
authentication so that you can be confident the email is
really from IronKey before you open the email.
- Real-Time Fraud Heuristics - A real-time
anonymized data analysis is run every time you attempt to
login without your IronKey. If any factor looks suspicious
or corresponds with known fraud indicators, supplemental
authentication, such as secret questions, may be used to
further verify your identity claim.
- Out-of-Band Authentication - Out-of-band
authentication, such as when verification codes sent via
email, is used to raise the bar and make online attacks all
the more difficult. This gives you added peace of mind in
knowing that it takes more than just a simple password to
access your account.
|
IronKey
-
Internet
Authentication
IronProtector.com is a division of Virtual Graffiti Inc., an authorized IronKey Reseller.