Datablink Device 200 and Mobile 200
Strengths: Ease of setup and a very nice approach to simple but secure authentication.
Weaknesses: We would like to see a bit more support information on the website. An FAQ, blog or documentation download would offer some improvements, for example.
Verdict: A unique and user-friendly approach to strong authentication. This fits well in a banking environment and, with other Datablink products, can provide more universal authentication to such things as networks.
These two authentication products are identical in function. However, the Mobile 200 works with an Android, iPhone or Windows phone while the Device 200 is a small device with a screen. The device is a bit smaller than a pack of cigarettes and about a quarter inch thick. It contains a physical monitoring pad, such that the only person who can authenticate with it is the person holding it.
The idea behind Datablink is that you pair up your device or mobile phone with a screen that is presented from a server online. The online web page has a blinking icon of sorts and you read the icon with your phone or device. This generates a challenge/response pair on your device or phone. You enter the response on the web page and you're authenticated. The challenge stays present for a predetermined period and if you do not respond it generates a new challenge.
We tested the Mobile 200 - the two products work identically - and it took us about 10 minutes to download the app from the app store, install, register with the website for the first time and run our tests. We don't think it could have been much simpler. Given that just about everyone has a smartphone these days we're betting that the Mobile 200 is the more popular of the two.
Through a backend connection to the organisation, Datablink generates a secure channel. This allows secure authentication for banking transactions. This process can be used for secure banking or transaction signing. The Device 200 is especially good for mandating authorised user presence. It requires the authorised user to be physically present and holding the device when using it. A stolen device simply would not authenticate properly.
The Mobile 200 has the added advantage that many of today's smartphones come with fingerprint readers. While they are not always perfect, they raise the bar substantially for physically identifying the user. Using the Mobile 200 on a phone to which the user has authenticated biometrically certainly adds an additional secure dimension to the transaction. The Mobile 200 can also use push technology to receive authentication or transaction-signing requests and can respond with a single button. It can read encrypted QR codes and can work with traditional time-based one-time passcodes.
The management server is the backend software that controls the authentication process. It synchronises with Active Directory or LDAP and generates everything the Device 200 or Mobile 200 need to complete the authentication process. It logs extensively and generates several different reports that can be used for audits and compliance. The management server runs on Windows and can run in a virtualised environment.
The website contains an efficient demo and mostly sales information. There is a data sheet for each of the available products, but we would like to see a bit more support information on the site. The support help desk is available eight hours a day, five days a week and, with a separate contract, 24/7. Datablink partners also provide localised support. Documentation is good and the pricing for both products is very attractive. We liked its ease of use and the company's unique approach to authentication.