The Protectimus Bot is a brand-new approach to 2-factor authentication involving the use of chatbots on popular messaging platforms to deliver one-time passwords. ProtectimusBot chatbots are available on Facebook Messenger, Telegram and Viber. The list of supported messaging applications is constantly growing, and can be expanded at the request of our clients. OTP delivery through messaging apps solves a number of key problems: it’s much more secure than SMS authentication, completely free, and easy to use for clients and their users.
SMS authentication has always been the most popular means of multifactor authentication because sending one-time passwords and other notifications through SMS is very convenient — you only need to know the user’s telephone number. However, this OTP delivery method has a number of downsides: it’s expensive, offers a low level of security, and requires users to be within range of a mobile phone network. Using messaging apps makes delivering one-time passwords no less convenient, but it’s more secure — and best of all, it’s free!
2FA using messaging apps is cost-effective: you don’t need to pay for expensive SMS messages; you can send one-time passwords and other notifications for free using these services. It’s easy to use: you don’t need to distribute hardware tokens to users or have them install authentication apps. In fact, one of the supported messaging apps is probably already installed on your users’ phones. It’s secure: access to messaging apps is protected by a password, and often by multifactor authentication as well. All messages are reliably encrypted. Internet access is required to use messaging apps.
One-time passwords delivered through Viber, Telegram, Messenger, etc. can be generated using either the HOTP (HMAC-based One-time Password Algorithm, RFC 4226) or the TOTP (Time-based One-time Password Algorithm, RFC 6238) algorithm. CWYS (Confirm What You See) data-signing functionality is also supported. Based on OCRA (OATH Challenge-Response Algorithm, RFC 6287), it allows transaction or session data to be used to generate one-time passwords. TOTP, a time-based algorithm, is the optimal choice. Using CWYS functionality guarantees an even greater level of security.
To activate two-factor authentication using the Protectimus chatbot on Telegram, Facebook Messenger, Viber or another messaging app, users need to search for the @ProtectimusBot account in their messenger and start a chat with the bot using the /getid command. In response to the /getid command, the user will receive a unique chat ID, which they provide to their administrator to issue a token. As an administrator, issuing a token is even simpler: input the chat ID into the admin panel and a token will be assigned to the user.