For technical support, please contact us on:
Tel: +27 21 880 2647
E-mail (Ticketing System): support@fireid.com
OTPs are one-time-passwords. These are passwords which are randomly generated on demand and which expire immediately once used to log in.
One-time-passwords are significantly more secure and convenient than common static passwords. Static passwords are often not complex enough to be secure. In order to make them easy to remember, users tend to use the same password repeatedly or even write them down if forced to make use of complex passwords. This reduces their security and opens up the possibility of the password being cracked. Static passwords can also be captured by 'shoulder surfing' or Trojan keylogger applications. One-time-passwords are randomly generated on demand by the user, which immediately offers unique authentication in every instance. The password then expires immediately.
FireID uses an incremental one-way-hash mathematical algorithm to generate a sequence of pseudo-random one-time-passwords for each user. Using the same mathematical process, both the FireID server and the user's FireID token application are able to generate the same one-time-passwords in sequence. The FireID token application increments the sequence every time the user generates an OTP on their token. The FireID server increments the sequence once the user's login request is received with the OTP.
The FireID server and the FireID token application will go out of sequence or 'sync' if more than five OTPs are generated by the user but then not used to log in. In this case, a token resync is necessary in order for the user to log in again.
A token resync is an operation performed when the user has generated more than five OTPs on their FireID token application without using them to log in. In this case, the FireID server and the token are out of sequence and the user will be forced to resync in order to log in.
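The sequence behaviour described above, as an added example that is not FireID's own code: the page does not publish FireID's algorithm, so RFC 4226 HOTP stands in for it. The `Token` and `Server` classes, the two-OTP `resync()` method and its search limit are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

LOOK_AHEAD = 5  # page: more than five unused OTPs puts the token out of sync

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP, an assumed stand-in for FireID's one-way-hash sequence."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class Token:
    """Client side: the sequence advances every time an OTP is generated."""
    def __init__(self, secret: bytes):
        self.secret, self.counter = secret, 0

    def generate(self) -> str:
        otp = hotp(self.secret, self.counter)
        self.counter += 1
        return otp

class Server:
    """Server side: the sequence advances only when a login is accepted."""
    def __init__(self, secret: bytes):
        self.secret, self.counter = secret, 0

    def verify(self, otp: str) -> bool:
        # Accept the expected OTP or one of the next LOOK_AHEAD in the sequence.
        for c in range(self.counter, self.counter + LOOK_AHEAD + 1):
            if hmac.compare_digest(hotp(self.secret, c), otp):
                self.counter = c + 1  # skipped and used OTPs can never be replayed
                return True
        return False

    def resync(self, otp1: str, otp2: str, search: int = 100) -> bool:
        # Hypothetical resync: two consecutive OTPs locate the token's position.
        for c in range(self.counter, self.counter + search):
            if (hmac.compare_digest(hotp(self.secret, c), otp1)
                    and hmac.compare_digest(hotp(self.secret, c + 1), otp2)):
                self.counter = c + 2
                return True
        return False
```

Requiring two consecutive OTPs for the resync keeps the wider search from turning into a larger guessing window for a single code.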
The FireID server is managed using a web interface. Granular permissions templates can be defined for different groups of users, so that help desk operators can have limited administrative access rights to perform common operations such as token resyncs or reprovisionings.
Administrators or helpdesk operators can at any time immediately suspend any FireID token to prevent it from being used by an unauthorised person. It is important that users who lose their phone report this immediately to their FireID administrator. Further to this, all FireID token applications can optionally be PIN protected to prevent unauthorised access. Any malicious attacker who comes into possession of a user's phone would also need to know their username in order to log in.
This is done via the FireID provisioning process. On an individual basis or in groups, users are each sent a welcome e-mail by the FireID server. This contains a link to an online interactive tutorial and provisioning process, which walks the user through the steps required for installation and activation of the FireID token application on their phone. The provisioning automatically detects the user's phone make and model and renders an appropriate version of the token application for that specific phone. It is also able to detect once the user performs the required steps on their phone and advances through the steps automatically in their web browser.
Presently, FireID supports virtually any mobile phone that can support Java, and has native support for Windows Mobile 6, including Today screen integration. Native support for recent generations of Symbian will be available soon.
FireID can be used to protect online user accounts for e-commerce websites, online banking, webmail sites, online document repositories, corporate intranets and extranets, VPN and RAS access, Unix/Linux servers, network devices such as switches, routers, and firewalls, and a multitude of other applications.
FireID is able to create a real-time data link to the different directories or databases in which your user accounts are stored, in order to make your users available within the FireID administration web interface. FireID is able to derive different user fields such as username, real name, email and mobile phone number from across different data sources, and link them together to form a user profile. FireID does not use synchronisation or importation; it uses a real-time connection so that any changes made to your user base externally are immediately reflected by FireID. This way all of your users can be viewed within FireID and tokens can be rapidly and easily deployed to them.
FireID uses various connectors, such as the RADIUS and XML-RPC protocols.