Hosted Softswitch Featured Article

When Passwords Are Not Safe Enough

April 11, 2014

By Mae Kowalke, TMCnet Contributor

The world is not a safe place, and anyone who watches the news or checks Facebook (News - Alert) is aware that recently we’ve all become a little less safe thanks to the Heartbleed secure socket layer flaw that compromises Internet security.

Sometimes the ramifications of a security breach are relatively minor. My Wikipedia account was recently hacked, for instance, which means somebody can now change the definition of grilled cheese in my name and get away with it until I fix the breach.

But other security failures are much worse, such as when a voice-over-IP (VoIP) customer has his account compromised. A hacked VoIP account potentially opens the door for high charges from international calls. Just like a stolen bank account, a compromised VoIP account can be no fun.

Mobile VoIP poses a particular challenge for security. Unlike traditional VoIP, which is usually conducted through a relatively safe Internet connection, mobile VoIP is especially prone to hijacking since passwords and data is often sent over unsecured Internet connections. All it takes is a competent cyber criminal parked in a cyber café or eavesdropping on the network to potentially compromise a VoIP softswitch.

All VoIP accounts use passwords to ward off cyber crime, of course, but often that is not enough. As Heartbleed is showing, even a secure password is no guarantee that cybercriminals will be unable to access an account.

REVE Systems has an interesting solution, however; it offers an iTel Plus Security Device for its iTel Switch Plus softswitch. The device generates a one-time secondary password for the iTel softswitch, which allows there to be two layers of password authentication before a softswitch can be accessed.

This is not simply two passwords that can be compromised. Because the security device generates a new password each time, learning the secondary password doesn’t compromise security. A user needs both the softswitch password and the security device to gain access; one will not suffice without the other, ensuring that a stolen password or even a stolen security device is not enough.

As REVE advertises, the softswitch is safe even if the whole world knows a user’s password.

Now, if only we had a similar security device for all our Internet passwords. I don’t know about you, but this Heartbleed vulnerability is a real headache.

Edited by Stefania Viscusi

Featured Podcast


How important do you think having Mobile VOIP capabilities is for users today? If you didn't respond "very" there are some important details you need to hear. This podcast with REVE Systems Marketing Head Sanjit Chatterjee includes a discussion on the benefits of Mobile VoIP and what REVE Systems offers for the market...

Download Brochure

Hosted Softswitch Industry News