|
 Online
authentication, the process of remotely identifying and verifying
users, is an integral part of IronKey's security architecture.
As it pertains to computer security, authentication works to
verify a user based on his digital identity credentials.
IronKey brings a whole new level of authentication to your
Internet experience, giving you the upper hand in the cybersecurity
arms race.
Password Protection
It starts with the onboard IronKey Identity Manager. As you
visit your online sites, the Identity Manager will ask you if
you want it to remember your usernames and passwords. These
are then stored with hardware encryption on the IronKey drive.
When you wish to log back into one of your accounts, the
Identity Manager compares the website that you are visiting
with the website where you originally entered your password.
If they match, the IdentityManager enters your password for
you without you having to type it in. If they do not match,
then you may be on a phishing site, and the Password Manager
will not enter the password for you.
This gives you simple but effective protection against phishing
attacks and spyware that tracks your keystrokes.
Strong Authentication
Your IronKey supports advanced cryptographic authentication
using strong PKI key pairs generated in the IronKey Cryptochip.
When you log into my.ironkey.com from your device, it uses these
unique keys as your digital identity credentials. This locks
down your account so that you must have both your IronKey and
your password in order to gain access. In other words, no one
but you can access your online IronKey account, even if someone
stole your IronKey or your password. As banks and other websites
begin to deploy two-factor authentication, they will allow you
to use a username, password, and an IronKey or other authentication
device to ensure that only you can log into your account.
Secure Access to my.ironkey.com
You can manage your IronKey devices and security settings
on my.ironkey.com. The my.ironkey.com website requires strong
authentication for full access. This ensures that people cannot
get onto your account without having your password AND your
IronKey. In the event that you ever lose your IronKey, you can
still access the site in Safe Mode which is a restricted mode
with limited functionality. This is useful for marking your
IronKey as lost, or recovering a forgotten password.
Accessing my.ironkey.com without your IronKey entails additional
authentication methods used at some of the world's largest financial
institutions.
Mutual Authentication
Mutual authentication, where a secret image and phrase are
shown before you enter your password, is used to assure you
that you are at the actual IronKey site and not a phishing site.
Similarly, all emails sent to you regarding your IronKey account
use mutual authentication so that you can be confident the email
is really from IronKey before you open the email.
Real-Time Fraud Heuristics
A real-time anonymized data analysis is run every time you
attempt to login without your IronKey. If any factor looks suspicious
or corresponds with known fraud indicators, supplemental authentication,
such as secret questions, may be used to further verify your
identity claim.
Out-of-Band Authentication
Out-of-band authentication, such as when verification codes
are sent via email, is used to raise the bar and make online
attacks all the more difficult. This gives you added peace of
mind in knowing that it takes more than just a simple password
to access your account.
|
IronKey
Technology - Internet Authentication