The Most Secure and Convenient
Soft Token and TOTP
A time-based one-time password (TOTP) is a temporary passcode, generated by an algorithm, for use in authenticating access to computer systems. The algorithm that generates each password uses the current time of day as one of its factors, ensuring that each password is unique. One of the great advantages of TOTP is that the device that generates the passcode and the device that accepts the passcode don’t need to be connected to each other. The device that generates the passcode doesn’t even need a network connection to operate. TOTP is considered a straightforward way of addressing different strong authentication regulations and security concerns. The device that generates the passcode is considered “something you have” and can be used as a second authentication factor on top of a password (something you know) or biometrics (something you are).
There are two main approaches to TOTP—hardware tokens and software tokens. Hardware tokens are standalone devices from specific vendors that present the passcode on the device. Software tokens are usually embedded in a mobile application and presented on the mobile phone.
Transmit includes a set of built-in authenticators, one of which is an enterprise-grade soft token TOTP. In addition to the built-in TOTP authenticator, the platform can orchestrate and manage hardware and software tokens from other vendors. The decision on whether to use the built-in TOTP or a third-party TOTP is completely in the hands of the business owners. Transmit can also manage multiple TOTP solutions at the same time and offer different TOTP authenticators to different users or applications based on any business rule.
Transmit’s built-in soft-token includes a couple of differentiating advantages. The first is an implementation mode that completely avoids storing a centralized database of TOTP seeds. The seed is a secret that when stolen allows the attacker to generate codes on behalf of the user. The second advantage is the ability to include risk signals inside the generated TOTP code. These risk signals can let the Transmit server know that the device that generated the code spotted a risk, such as a location risk, even if the device is completely offline.
Transmit provides a full set of authentication services to manage primary login, multi-factor, and step-up authentication across various applications and channels. The platform includes a large set of built-in authenticators such as OTPs, soft tokens, biometric authenticators, and knowledge-based authenticators. In addition, the platform can be used to manage any third-party authenticator or authentication service connected to the Identity Services Hub. Transmit’s authentication services manage the enrollment process for each authenticator and also tasks such as de-enrollment, re-enrollment, and expiry periods. The platform provides flexible ways of defining authentication levels and attaching them to different authenticators and journeys. The platform allows building rules for authentication failures across different authenticators and devices and taking various actions when thresholds are reached. Transmit is FIDO certified and can be used to manage any FIDO authenticator alongside non-FIDO authenticators.