TGAUTH.COM : A telegram messenger based two factor authentication
17
www.tgauth.com introducing ONE TIME PASSWORD delivery through telegram messenger powered by www.cognalys.com tgauth introduction - tgauth
Transcript of TGAUTH.COM : A telegram messenger based two factor authentication
www.tgauth.com
introducingONE TIME PASSWORDdelivery throughtelegram messenger
p o w e r e d b y w w w . c o g n a l y s . c o m
tgauth
introduction - tgauth
www.tgauth.comp o w e r e d b y w w w . c o g n a l y s . c o m
tgauth
two factor authentication - scenario
Unauthorized access to, or misuse of, personal or corporate information continues to be pressing source of concern worldwide. According to the 2014 Unisys Security Index, a global study conducted to gauge consumer attitudes on security issues, identity theft is the number one threat in five countries and the number two threat in five more. Bankcard fraud is also a major source of concern and the top threat among adults in four countries and the number two threat in six more countries.News of security breaches has occurred across all industry sectors increasing the fear factor that everyone is at risk. These types of security breaches can damage reputations, incur high monetary losses and can take a significant amount of time and effort to resolve.
2FACTOR
www.tgauth.comp o w e r e d b y w w w . c o g n a l y s . c o m
tgauth
two factor authentication - scenario
Two-factor authentication provides unique identification of users by means of the combination of two different components. If one of the components is missing or is used incorrectly, a person's identity cannot be established beyond doubt. Passwords are the necessary primary line of defense for keeping your personal accounts safe, but strong passcodes are difficult to keep track of. Too many people, legal professionals included, fall into the trap of using ones that are easily remembered. It might come as no surprise that the most used password of 2013 ranked by Gizmodo is '123456'.When two factor authentication is applied to an online account, there is an instant benefit of extra protection. This way, even if the password is not as strong as it should be, there is still another line of defense.
2FACTOR
www.tgauth.comp o w e r e d b y w w w . c o g n a l y s . c o m
tgauth
benefits of two factor authentication
1) If the first factor is a password and the second factor is to enter a code sent to your mobile phone, receiving a code on your mobile unexpectedly can notify you that your password is no longer secure.2) Two-factor authentication protects the accounts at the login level, not when the password blob is stolen. It prevents a thief from brute forcing log in because they can't log in without the second factor, even if they know your ID and password.3) By integrating two factor authentication, helps users to protect their identity from spammers and hackers.4) Two factor authentications play an important role in preventing phishing.5) 2FA keeps spammers away from your web applications and thus supports your users from spam messages.6) External extruders (hackers) always downgrade the reputation of the company/ Apps.
www.tgauth.comp o w e r e d b y w w w . c o g n a l y s . c o m
tgauth
common methods - two factor authentication
Common method used worldwide is one time password (OTP) which will be delivered to the clients mobile device as an SMS. The validity and duration of the password is predefined and the system will not access the password once the duration is over.
Disadvantages of the SMS method:Costly due to an SMS gateway involved to deliver the password.International SMS charges are higher in rates than the national SMS charges.Costly due to users may use 2-3 messages to get verified.SMS are regulated by government advisory board.Roaming users may not receive the messages.Delay in message delivery.Conjunctions in network.
www.tgauth.comp o w e r e d b y w w w . c o g n a l y s . c o m
tgauth
sms method - current scenario
The process of verifying an application user's mobile number is highly expensive due to high rates paid to SMS gateways for transactional SMS by the developer .
The SMS gateways will charge the developer on the volume of SMS used and not on verified user’s count. For a single user verification some times 2-3 SMS codes will be used.( for e.g. wrong number entry, conjunctions on network, delay in receiving SMS). So most of the mobile number verification through SMS are costly.
Due to this reason, developers are not able to release their applications worldwide with mobile number verification.
www.tgauth.comp o w e r e d b y w w w . c o g n a l y s . c o m
tgauth
what is tgauth?
TGAuth is an economical and reliable two factor authentication platform developed on the famous Telegram Messenger.
Instead of the traditional way of sending password through a costly SMS gateway, TGAuth uses the Telegram Messenger to deliver passwords. Telegram Messenger have an existing user base of 50 million + and millions of new users join every day.
According to the recent studies Telegram messenger deliver messages 60% more faster than any other messenger services in the industry. Telegram messenger is fully open-source, reliable and secure messenger in the industry.
tgauth
www.tgauth.comp o w e r e d b y w w w . c o g n a l y s . c o m
tgauth
why telegram messenger?
Fast and Real-time Message deliveryAccording to the recent studies Telegram messenger deliver messages 60% more faster than any other messenger services in the industry with highest level of security.
50 Million + International usersTelegram messenger have an existing 50 million+ users and millions of new user sign-ups everyday.
No geographical RestrictionsTraditional SMS gateway method have several restrictions based on geography, roaming, authorities and messaging time.
www.tgauth.comp o w e r e d b y w w w . c o g n a l y s . c o m
tgauth
why telegram messenger?
Open Sourced Free MessengerTelegram messenger is fully open-source, reliable and secure messenger in the industry.
No SMS GatewayUnlike traditional SMS gateway,Telegram messenger works based on latest internet technologies which ensures reliability and dependanacy
www.tgauth.comp o w e r e d b y w w w . c o g n a l y s . c o m
tgauth
benefits of using tgauth
No extra Application download.
Real-time password delivery.
existing 50 million+ users.
No Country, time and roaming based restrictions.
Robust documentation and ticket based support system.
Powerful Admin dashboard.
Unlimited message templates.
RESTful API based service.
Single sign-on ( Login with cognalys credentials)
www.tgauth.comp o w e r e d b y w w w . c o g n a l y s . c o m
tgauth
benefits of using tgauth
TGAuth(Telegram Authentication platform)Is based on the unique
concept of delivering passwords through the economical way using
existing messenger application service ( telegram) with out any
geographical territory or boundary. Tgauth helps developers to include
two factor authentication / mobile number verification in their mobile
applications / web applications in an economical and reliable way
which uses the robust infra structural platform developed by telegram
messenger.
www.tgauth.comp o w e r e d b y w w w . c o g n a l y s . c o m
tgauth
how tgauth works
Telegram
user registration / login
tgauth server
step 1:password generation api
client server client server
tgauth server
OTP deliveredin user’s telegram
messenger
step 2:password verification api
user enterpassword
from telegram
tgauth serververifies the password
client serverreceives verification status
www.tgauth.comp o w e r e d b y w w w . c o g n a l y s . c o m
tgauth
how tgauth works
Telegram
user registration / login
tgauth server
step 1:password generation api
client server
OTP deliveredin user’s telegram
messenger
https://www.tgauth.com/api/v1/send_code?temp
late_id=4&mobile=[MOBILE]&token=7erd4rt5se
7gf8er&account_id=nh76tr5643dgcjk765
www.tgauth.comp o w e r e d b y w w w . c o g n a l y s . c o m
tgauth
how tgauth works
Telegram
user registration / login
tgauth server
step 1:password generation api
client server
OTP deliveredin user’s telegram
messenger
template_id = ID of a templatemobile = mobile number with country codetoken= xxxxxxxxxxxxxxxxxxxxxxxxxxxaccount_id= xxxxxxxxxxxxxxxxxxxxxxxxxx
Result (if success){ "status": "success", "session_id":"TO_CONFIRM_PASSWORD",}
Result (if failed){"status": "failed","reason":"REASON_OF_FAILURE", }
www.tgauth.comp o w e r e d b y w w w . c o g n a l y s . c o m
tgauth
how tgauth works
Telegram
client server
tgauth server
step 2:password verification api
user enterpassword
from telegram
tgauth serververifies the password
client serverreceives
verification status
https://www.tgauth.com/api/v1/confirm?sessi
on_id=[SESSION_ID_FROM_STEP_1]&otp=
[VERIFICATION_CODE]&token=[TOKEN]&ac
count_id=[ACCOUNT_ID]
www.tgauth.comp o w e r e d b y w w w . c o g n a l y s . c o m
tgauth
how tgauth works
Telegram
client server
tgauth server
step 2:password verification api
user enterpassword
from telegram
tgauth serververifies the password
client serverreceives
verification status
session= You will get this from STEP 1otp= The entered verification code by the usertoken= xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxaccount_id= xxxxxxxxxxxxxxxxxxx
{"status": "success","mobile":"MOBILE_NUMBER","reason":"Verified",}
{"status": "failed", "reason" : “REASON_OF_FAILURE”}
www.tgauth.comp o w e r e d b y w w w . c o g n a l y s . c o m
tgauth
Cognalys, Inc
c gnalys
TGAuth is developed and introduced by cognalys, Inc, a US
based incorporation focused mainly on two factor authentication /
mobile number verification and web security. After the iconic
introduction of the missed call based two factor authentication
which helps developers to avoid the costly SMS gateway for 2FA,
Cognalys launches more economical methods in 2FA which can be
used along with the missed calls based 2FA mechanism
