1.5 Factor Authentication: Myth or Fact?

Written by

 Last week, I met with Steven Hope, technical director at Winfrasoft, a multi-factor authentication company.

As Hope was introducing me to the company and their suite of products, he listed everything they offer: “PINgrid, PINphrase and PINpass which deliver strong and affordable two-factor, one-and-a-half factor, soft-token and token-less, one time code, authentication capabilities for heightened security.”

That’s a lot to take in, but the phrase ‘one-and-a-half-factor’ sticks out like a sore thumb. Let me explain to you what 1.5 factor authentication means in regards to PINgrid, in simple, non-tecchie language.

The PINgrid two-factor authentication is something you have (your smartphone) paired with something you know (a passcode derived by overlaying a memorized pattern onto a grid of unique randomly generated numbers, which appears on an app on your smartphone – see example below).


PINgrid 1.5-factor authentication is when the same grid is displayed on your computer screen rather than your smartphone. “It’s still generating a one-time code and it’s still something you know, but there is no need for the ‘something you have’ aspect”, explained Hope. “This mitigates the same security issues but without needing a second factor. You don’t have the risk of losing your device with 1.5-factor authentication either”, he pointed out. It’s also cheaper than the two-factor authentication option.

“Everyone has to authenticate, like it or not”, said Hope. “So let’s make it as easy as possible for users. Don’t put barriers in place, because people will always find ways around them.”

So is 1.5-authentication a myth? Technically speaking, yes, but it's a good marketing/PR term. In terms of security, however, it does sit somewhere between one-factor and two-factor, so I do understand how it gets its name.

For more information about Winfrasoft’s authentication products, please visit their website.

What’s hot on Infosecurity Magazine?