Tools4ever adds Time-based One-time Password to HelloID

Tools4ever, the leader in Identity Governance & Administration (IGA), adds Time-based One-Time Password (TOTP) to cloud solution HelloID. HelloID is a Single Sign-On portal that safely gives employees access to web applications by logging in just once.

The new OTP functionality is an extension of the existing two-factor authentication (2FA) capabilities to ensure even better security, regardless of the user’s physical location. This new authentication option can be activated for both access to the portal and the individual applications within it. Any OTP App that uses the Time-based One-Time Password algorithm is compatible with this new functionality. This allows direct use of Google and Microsoft Authenticator.

The OTP algorithm was first developed by the Open Authentication (OATH) initiative as an improvement on the HMAC-based OTP (HOTP) developed in 2005. It adds a time-based factor to the existing cryptographic hash function.

The OTP algorithm generates a random 6-digit code on the user’s mobile device every 30 seconds. After 30 seconds, the validity expires, and a new code is generated. This constantly changing code improves security over static passwords and reduces the chance of repeat attacks as a result of, for example, identity theft through phishing and keyboard logging. By adding OTP to HelloID, the 2 most important security requirements of two-factor authentication are met: a password (something you know) and the generated code via your own smartphone (something you have).

The addition of Time-based One-Time Password to HelloID fits into our strategy to make HelloID the most secure portal for accessing corporate applications from any location, says Jacques Vriens, director at Tools4ever. We aim to make it as easy as possible for users to be productive. Quick access to all applications in the safest possible way.