New app for passwordless and secure login to digital resources

Identity and security company Nexus Group has released a new mobile phone app for two-factor authentication (2FA) in digital services. “This app strikes the perfect balance between security and seamless user experience, which opens up great new possibilities,” says Malin Ridelius, product specialist at Nexus.

With the new app, Nexus Personal Mobile, users get push notifications in their smart phones when attempting to access your digital services via their computers or mobile devices.

“Then they get access to all the resources you choose to expose with a single touch on the fingerprint reader or by entering their pin code in the app,” says Ridelius.

Mobile device 2FA means that organizations do not have to issue and manage separate authentication hardware, such as smart cards or physical one time password (OTP) tokens.

“This is very exciting, for two reasons. Organizations can move away from expensive and user unfriendly 2FA solutions, which will accelerate digital transformation initiatives. And those organizations that today use different passwords as an authentication method can increase security, traceability and control at the same time as they make life easier for the user,” says Ridelius.

Personal Mobile is used together with Hybrid Access Gateway, Nexus’s authentication and single sign-on (SSO) platform, and consists of multiple layers of security.

“We have invested a lot in security in this app and we will continue to evolve our security features as new best practices emerge. The user’s digital identity is stored in the operating system sandbox, an area within the device which has been designed for the storage of sensitive information. We have also protected the app against reverse engineering and malware,” says Ridelius.

The process of enrolling new users can be integrated in existing policies or enhanced through Nexus’s identity and access management platform PRIME, which enforces uniform on-boarding and off-boarding policies in the management of identities, credential data and entitlements.

“This guarantees a very high level of assurance, which of course is fundamental for a trustworthy authentication solution. If you are not certain that the user’s digital identity is secure, it does not matter how secure the rest of the solution is,” says Ridelius.

Personal Mobile is available for iOS and Android, and is also offered as a software development kit (SDK) for integration into your own apps.

“We have piloted a beta version of the solution for a while now, and both partners and customers have shown great interest. They say they want to use Personal Mobile to enable online banking, ditch the hardware tokens for access to corporate IT systems, enable e-services in the public sector, improve security when students access school systems, and increase the level of assurance when it comes to knowing what users they interact with in their customer portals,” says Ridelius.