StrongWebmail is the first email account to confirm a user’s identity using something they know (their password) and something they have (their telephone). When a person successfully enters their username and password, they must receive a phone call or text message to their telephone. The phone call gives them a 3 digits code which they enter into the computer.
This ensures that even if someone’s password is stolen, the thief would never have access to a person’s cell phone.
According to Symantec’s Global Internet Security Report, email accounts are the third most popular items for sale on underground economy servers. The report also notes that attackers are concentrating on compromising end users for financial gain. In 2008, 78 percent of threats exported user data, and 76 percent used a keystroke-logging component to steal account credentials. With StrongWebmail, a stolen password is not enough!
In addition to protection from fraudsters, StrongWebmail protects against “friendly” fraud where a boss or spouse snoops on your email. If one of these people tries to log into your account, a phone alert will be sent to the true account owner alerting them that someone is trying to break in (like a silent alarm).
Optionally, the user can opt not to receive a verification call when they are logging in from a home or work computer. A cookie is stored so that the person does not have to receive the verification call.