TextKey™ Two-Factor Authentication for the Customer Portal

AI Generated Summary: 

TextKey™ is a secure way to protect online accounts. It lets you prove your identity by sending a text from your phone, and you need to register your phone first. Unlike other methods, TextKey™ avoids entering codes on websites, making it more secure. It relies on your phone's unique "fingerprint" to ensure it's genuinely your phone. Setting it up is simple. If you lose your phone, TextKey™ still works with a new one having the same number. Each person must have their own TextKey™ account, and when someone leaves a company, their account should be removed for security. Click this to watch a short video overview about TextKey™.. Details below:

What is TextKey™?

TextKey™ is an award winning, patented next-generation multi-factor authentication system that is highly secure, simple to install and easy to use. It can be used to protect web sites, mobile devices, Virtual Private Networks (VPNs) or any other data that requires privacy, confidentiality or restricted access.  TextPower uses it on our own Customer Login portal to protect you and your data.

The first generation of two-factor authentication was the "token" or "key fob" that required a user to carry an extra device with them to verify their identity. Users disliked carrying extra devices and it was proven to be easily hackable.

The second generation of two-factor authentication is the "soft token" that uses a cell phone or other device as the authentication mechanism. These are an improvement, but are complex to install & maintain and expensive. Plus, they are less secure because they can be "spoofed" and leave an opening on the web site login that can be hacked because of the immense power of hacking programs on a standard desktop PC.

Now, TextPower introduces the next generation of authentication - the patented technology of TextKey™.

Why should we use 2FA?

2FA is essential to web security because it immediately neutralizes the risks associated with compromised passwords. If a password is hacked, guessed, or even phished, that's no longer enough to give an intruder access: without approval at the second factor, a password alone is useless.

What makes TextKey™ different than other 2FA solutions?

TextKey™ 2FA requires the user to send a text message from their cell phone, and each person is required to register their mobile device in advance to receive the code used in the authentication process. Other 2FA solutions rely on presenting a code on a web browser, TextKey™ takes a different approach. TextKey™ eliminates information being entered into, or share through a web browser, and as a result, excludes the possibility of Man in the Middle (MITM) and Man in the Browser (MITB) attacks. Using TextKey™, all communication occurs on a secure server-to-server connection outside of the browser environment.

TextKey™ is inherently more secure for many technical reasons, and there are simple, practical reasons, too. For example, if you receive a text message sent to your phone, it can be viewed even when the phone is locked by seeing the message preview on the lock screen (on by default on every phone).

Why is TextKey™ more secure than other 2FA solutions?

Every cell phone ever manufactured contains a unique device identifier (a “UDID”) that serves as the “fingerprint” of that device. While hacking or spoofing may work on common two-factor authentication systems because they receive, not send, text messages, the TextKey™ system eliminates this hacking by using the fingerprint of the phone to verify that the message is being sent by a legitimately authorized phone and not a "spoofed" number. A text message cannot be sent into the TextKey™ system without the cell phone carrying the correct UDID.

How do I get set up to use TextKey™ with the Customer Portal?

The registration process is simple. Once your account is designated to require the use of TextKey™ two-factor authentication our system will alert you the next time you login using your standard ID and password. After successfully entering those credentials, you'll be asked to verify your phone number and your email address - both by using texts that assure you are who you say you are. Once your registration is complete you'll be required to send a text to our system from that phone each time you log in; the login will stay active until you either quit the browser you're using, shut down your computer or 24 hours after you've logged in.

You can also choose to "Trust this browser" for seven days by clicking a checkbox:

What happens if I lose my phone?

TextKey™ continues to work as long as you have replaced your phone through a legitimate process and have had the phone number assigned to the new phone. If you can receive a phone call on the new phone you are all set to continue using TextKey™.

Will I still be able to change my password if needed?

Yes. Passwords can be changed in the same manner that they would be if TextKey™ was not involved. Once your password has been changed using the “Password Reset” function we make the change in your user credentials to associate the new password with your user ID and thus it is also associated with your phone number. No change to your TextKey™ registration will be required if you change your password.

What happens if I have to change my phone number?

You will have to re-register so that the new phone number is assigned to your user credentials instead of our previous number.

What if I change carriers?

TextKey™ continues to work as long as you have "ported" (i.e., transferred) your phone number from your previous carrier to your new one. If you are using a new number with your new carrier you will have to re-register to use TextKey™.

Why can't IDs can't be shared using TextKey™?

Every user ID can have only one phone number assigned to it and messages authenticating your login can only come from the phone that has that number. If you cannot send a text from that phone you cannot login using that ID, therefore each user must have their own user ID.

What if someone leaves a company... how do they "turn off" that ID?

When someone leaves a company that company would have to contact TextPower to remove their user ID regardless of whether TextKey™ is involved or not. Former employees should not have access to our services after they leave your company. Once their ID is removed the second factor of authentication is irrelevant – they will not be able to authenticate their user ID in the first place.

Can I see how it works?

Yes, you can view a 3-minute video of how to register for and use TextKey™ here: