October 2011
Your Security and Internet Safety is always a Top Concern.
Quick Check's InstaScreen™ 2.0 has added a new layer of security to authenticate your computer for secure use. "It is very easy and only takes a few seconds!" says John Nuzzolese of The Landlord Protection Agency. During the login process, or after logging in, in your "My Profile" (located in the left column area), you will be asked to provide your cell phone # (to receive a coded text message) and/or your email address. This authentication validates the IP address of each computer you log in from (You can have up to 4 different computers authorized at a time).

MFA Security:   In our ongoing efforts to improve security, we are enhancing the Multi-Factor Authentication (MFA) available in InstaScreen™ 2.0. As you may know, InstaScreen™ 2.0 is the secure program used by Quick Check Credit Reports, Inc. to bring you screening reports in the most efficient and secure way for your internet safety.

There are three classes of factors in MFA:
1) Something a person knows, e.g., user-name and password;
2) Something a person has, e.g., digital certificate, token, or physical device; and
3) Something a person is, e.g., fingerprints or retina pattern. InstaScreen™ 2.0 currently requires authentication based on "what a person knows" (user-name and password), and provides an option for "what a person has" (IP address restrictions). IP address restrictions are not always practical, however, and can be time consuming to manage. We now provide a more user-friendly means to restrict access based on an additional factor from the "what a person has" class: their SMS/text enabled phone.

When logging into InstaScreen™ 2.0 from an unrecognized computer, the user (either as a CRA, Client, or Vendor) will receive, via SMS/text, an additional authentication token to enter in with the username and password. Once verified, that computer will be "registered" in InstaScreen™ 2.0 and the user will be able to login from that computer with just the username and password for subsequent sessions. This registration process will be required every 30 days, as well as anytime the user logs in from an unregistered computer. A user may have up to four computers registered concurrently.

Recognizing that not all users will have access to an SMS/text enabled phone, the process will also allow for a user to be configured with an email address to which to send the authentication tokens. Note, however, that this is less desirable than using the SMS/text enabled phone, which provides the added security of using different networks and physical devices than email on a computer.

As mentioned at the TazWorks User's Group meeting (TUG), this will have a soft start, asking, but not requiring, that users enter in their SMS/text enabled cell phone number, or if they don't have texting, a secure email. The goal is to later require MFA registration which, from a security perspective, is smart business.