Strong authentication at universalbox.com for your protection - GSM-Forum

**universalbox** · 08-14-2012, 15:54

Using static passwords for authentication, as it is commonly done, has quite a few security drawbacks: passwords can be guessed, stolen, etc... A better, more secure way of authentication is the so called "two-factor" or "strong authentication" based on one time passwords ("OTP"). Instead of authenticating with a simple password, each user carries a device ("token" which can be your mobile phone for example) to generate passwords that are valid only one time. Commercially available tokens look like pocket calculators or key fobs with a display and a keypad. To generate a one time password, the user has to enter his personal PIN into his mobile phone. So the authentication is based on two factors: the mobile phone and a PIN ("something you have and something you know"). This is obviously more secure than just a password, as an attacker needs to get hold of both the PIN as well as your mobile phone.
You can easily get started with strong authentication and it is completely free. Check out Mobile-OTP: Strong Two-Factor Authentication with Mobile Phones for OTP software for your mobile device (iPhone, Android or anything else)

Example for iPhone:

1, Download iOTP from Apple's App Store (free)

2, In iOTP add a new account like ub, universalbox or whatever you want.

3, Also generate a secret (16 or 32 characters)

The result is:

4, Now at universalbox.com, log in and go to My Account, then update account information (you don't have to change anything, just re-type your password there)

5, On the next page (OTP setup) you will be prompted for the secret characters generated by iOTP. Also a PIN is required, but it can be any 4 digit number like 1234 or whatever.

6, Upon submission a new page will appear to enter your One Time Password generated by iOTP.

In iOTP go to key menu and type the PIN you used at universalbox.com

A One Time Password will appear:

Using that password you will be authenticated and therefore your account will be updated successfully.

That is all, the same "One Time Password" page will appear as you login to universalbox.com

The password is valid for 5 minutes, but can be used only once.

We strongly recommend to use this kind of authentication to save yourself from headaches.

08-14-2012, 15:54	#1 (permalink)
universalbox Product Manager Join Date: Jun 2004 Age: 37 Posts: 5,894 Member: 68982 Status: Offline Thanks: 747 Thanked 18,089 Times in 1,741 Posts	Strong authentication at universalbox.com for your protection Using static passwords for authentication, as it is commonly done, has quite a few security drawbacks: passwords can be guessed, stolen, etc... A better, more secure way of authentication is the so called "two-factor" or "strong authentication" based on one time passwords ("OTP"). Instead of authenticating with a simple password, each user carries a device ("token" which can be your mobile phone for example) to generate passwords that are valid only one time. Commercially available tokens look like pocket calculators or key fobs with a display and a keypad. To generate a one time password, the user has to enter his personal PIN into his mobile phone. So the authentication is based on two factors: the mobile phone and a PIN ("something you have and something you know"). This is obviously more secure than just a password, as an attacker needs to get hold of both the PIN as well as your mobile phone. You can easily get started with strong authentication and it is completely free. Check out Mobile-OTP: Strong Two-Factor Authentication with Mobile Phones for OTP software for your mobile device (iPhone, Android or anything else) Example for iPhone: 1, Download iOTP from Apple's App Store (free) 2, In iOTP add a new account like ub, universalbox or whatever you want. 3, Also generate a secret (16 or 32 characters) The result is: 4, Now at universalbox.com, log in and go to My Account, then update account information (you don't have to change anything, just re-type your password there) 5, On the next page (OTP setup) you will be prompted for the secret characters generated by iOTP. Also a PIN is required, but it can be any 4 digit number like 1234 or whatever. 6, Upon submission a new page will appear to enter your One Time Password generated by iOTP. In iOTP go to key menu and type the PIN you used at universalbox.com A One Time Password will appear: Using that password you will be authenticated and therefore your account will be updated successfully. That is all, the same "One Time Password" page will appear as you login to universalbox.com The password is valid for 5 minutes, but can be used only once. We strongly recommend to use this kind of authentication to save yourself from headaches. Last edited by universalbox; 08-14-2012 at 18:21.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
thread	Thread Starter	Forum	Replies	Last Post
Need software upgrade for Nokia 5110	ptkrf	Nokia Legacy Phones ( DCT-1 , DCT-2 , DCT-3 , DCT-L )	26	09-25-2012 02:41
How can I do a Welcome note for my 6110 a dosn't have any one ?	Viper	Nokia Legacy Phones ( DCT-1 , DCT-2 , DCT-3 , DCT-L )	7	07-18-2012 07:57
Seeking for flash nokia 5110 old version (3 version) can exchange for new	Tomas	Nokia Legacy Phones ( DCT-1 , DCT-2 , DCT-3 , DCT-L )	7	11-17-2011 17:08
needed pinout for carkit(N61xx)	mobileinfo	Nokia Hardware & Hardware-Repair Area	1	12-27-2006 10:20
Operator-Logo for 5110	MiMiR the WiseMan	Nokia Legacy Phones ( DCT-1 , DCT-2 , DCT-3 , DCT-L )	2	06-25-1999 15:50