MFA Security: In our ongoing efforts to improve security, we are enhancing the Multi-Factor Authentication (MFA) available in InstaScreen™ 2.0. As you may know, InstaScreen™ 2.0 is the secure program used by Quick Check Credit Reports, Inc. to bring you screening reports in the most efficient and secure way for your internet safety.
There are three classes of factors in MFA:
When logging into InstaScreen™ 2.0 from an unrecognized computer, the user (either as a CRA, Client, or Vendor) will receive, via SMS/text, an additional authentication token to enter in with the username and password. Once verified, that computer will be "registered" in InstaScreen™ 2.0 and the user will be able to login from that computer with just the username and password for subsequent sessions. This registration process will be required every 30 days, as well as anytime the user logs in from an unregistered computer. A user may have up to four computers registered concurrently.
Recognizing that not all users will have access to an SMS/text enabled phone, the process will also allow for a user to be configured with an email address to which to send the authentication tokens. Note, however, that this is less desirable than using the SMS/text enabled phone, which provides the added security of using different networks and physical devices than email on a computer.
As mentioned at the TazWorks User's Group meeting (TUG), this will have a soft start, asking, but not requiring, that users enter in their SMS/text enabled cell phone number, or if they don't have texting, a secure email. The goal is to later require MFA registration which, from a security perspective, is smart business.
© 2012 Quick Check Credit Reports, Inc.