Appolgies for not writting in a while. I hope to make it up to you with this post and future posts with, hopefully, much less than 5 months between. Found a great little app for iPhone/iTouch that gives us home users multi-factor authentication with a cryptographically strong OTP (one time password). Many of us have a similar device to log onto our corporate networks. I have an RSA token from work that spits a new six digit one time code. The OTP adds an additional layer of security when logging onto to a site on the net and makes brute force attacks impossible. We discussed OTP in the post about Steve’s PPP  authentication system.

This cute little app is offered by VIP (Verisign Identity Protection) and is a free download for your IPhone or Ipod touch. The app works with a bunch of popular sites including Ebay, Geico, PayPal and Merrill Lynch, amongst others. Most are financial sites and would be a high profile target for hackers. Would be nice if Bank Of America was there. When you download the app you will need to use a cell phone to activate it, which is quick and easy. Then you will need to register with those sites that you want to use the app. I registered with Paypal which required the credential ID found in the VIP app. When I now use the Paypal site, I log in just like I used to with my static password (something I know) and I’m then prompted for my OTP password (something I have) that is shown on my Itouch screen during that 30 second interval in time.

As always it’s good idea to have your Iphone/Itouch locked with a password in case you lose your device, and if you the VIP password app all the more so. Yeah someone trying to gain access to your site would need your static password only you know , but it’s all about layers in security and how paranoid you want to be. Overall this is a great little app that adds industrial level authentication for us non corporate users, hopefully we’ll see more companies where this form of authentication can be used.