What is Echidna and who is it for?

Echidna is an enterprise grade authentication server, which has been developed to support high availability, high volume and high assurance user authentication applications in banks, government departments and enterprises, globally.

Echidna has been designed to integrate with and extend existing firewalls and perimeter solutions to provide a simple to manage and deploy two-factor user authentication (2FA) solution.

Echidna is suitable for any organisation that has a need to provide an additional level of user authentication through utilising a two-factor mechanism, be that a mobile or hardware security token.

Why should I consider getting Echidna?

Echidna provides a low cost and easy to deploy and manage 2FA authentication solution which scales from 2 to 100,000's of users.

Echidna supports a seamless migration from exiting 2FA solutions, which allows an organisation to easily migrate from ageing and expensive token solutions whilst protecting their investment during the transition stage.

Echidna provides a solution that allows an organisation to adopt new authentication mechanisms as they emerge, without expensive retrofit or system remediation.

What authentication services does Echidna offer?

Echidna provides a flexible unified 2FA user authentication service available via RADIUS and web service protocols. It also makes available transaction and document signing mechanisms via web services for applications needing to directly integrate at a more granular level.

Echidna interfaces to a range of Identity and Access Management (IDAM) infrastructures and to general-purpose access gateways through either web services or RADIUS to provide user authentication services

Echidna supports a comprehensive range of authentication standards and mechanisms and device form factors from a range of vendors, including OATH.

What kind of security tokens does Echidna support?

Echidna is agnostic to the authentication mechanism and provides wide support for a range of standard, proprietary and brokered methods, for example:

  • Salt Mobile tokens that are standalone OTP mobile Apps that are supported across a range of mobile devices and platforms, including but not limited to, Android, iOS, Blackberry and Symbian.
  • Hardware security tokens that are compliant to the OATH HOTP, TOTP or OCRA standards
  • Proprietary soft security tokens running as an App installed on mobile devices
  • "Second Channel" one time passwords delivered to a user via SMS or email.

Echidna can also proxy authentication requests to third party servers to support legacy or proprietary tokens such as RSA SecurID and Vasco tokens.

Is Echidna suitable for an enterprise deployment?

Yes, Echidna has been designed from the ground up as an enterprise service addressing associated availability, assurance, scalability and performance requirements.

What 2FA options does Echidna provide?

Two-factor authentication (2FA) generally relies on user knowledge of a secret (a password or PIN value) together with user possession of a device (a security token or mobile phone). Echidna provides the flexibility to support the different combinations that may be required in various situations.

  • If the security token itself is PIN protected, there is usually no need for additional user passwords or PINs.
  • If the security token or OTP messaging channel is not PIN protected, the password from the user store can be used to provide the 'knowledge' factor. Echidna supports validation of Active Directory (AD) or LDAP passwords via LDAP binding, and stored encrypted or hashed passwords for database backed user stores.

The second factor would be the one time password generated by the security token or sent via the messaging channel.

The Echidna supported mechanisms can be combined in a flexible manner to support a diverse user base with multiple mechanisms, and even support individual users with multiple available mechanisms.

Does Echidna support ADFS?

Yes, Echidna supports Active Directory Federation Services (ADFS) through its ADFS Plug-In. Echidna's ADFS Plug-In can be installed on Microsoft Windows Server operating systems to provide users with a single sign-on (SSO) access to systems and applications located across organisational boundaries. Echidna supports Security Tokens that are comprised of contemporary two factor authentication (2FA) methods and hardware security tokens based on Open Standard OATH and Mobile security tokens such as Salt mCodeXpress and SMS OTP.

Echidna provides secure two factor authentication (2FA) solution to corporate and government organisations globally by using the ADFS Plug-In while still retaining a simplified and convenient user experience.

I use RSA SecurID / ACE servers. Why should I switch to Echidna?

Salt Mobile tokens are perpetually licensed, and as such any replacement necessitated by loss or user churn does not incur additional token costs. Industry experienced churn rate is around 30% per annum.

Echidna User licensing is based on active users and Salt Mobile tokens are free when deployed with Echidna. As such, as users come and go, and as devices are lost and replaced, there are no additional charges provided the total user base is not increased. Whereas RSA SecurID tokens are not free and token licenses are not transferable to new users.

Salt Mobile tokens never expire whereas RSA SecurID tokens need to be replaced every few years.

ACE servers can only authenticate RSA SecurID tokens whereas Echidna can authenticate multiple authentication tokens from different vendors.

Importantly, Echidna's brokering service allows an organisation to seamlessly migrate from RSA tokens as these tokens expire, thereby eliminating the higher costs of "big bang" migration of tokens.

Does Echidna support biometric login?

Yes, Echidna can support fingerprint biometric login using Salt Mobile tokens on mobile devices with fingerprint hardware. Salt mCodeXpress Fingerprint Edition is a security token that can be used in conjunction with Echidna's ADFS Plug-In to enable convenient and secure biometric login to Active Directory Federation Services (ADFS) enabled applications such as Windows Server, SharePoint, Google Drive, Office365, Salesforce.

Does Echidna support PSD2?

Yes, Echidna supports the European Payment Services Directive (PSD2) to meet regulations for securing new payments with authentication elements using a range of multi-factor authentication (MFA) methods.

Echidna enables adaptive risk engines to mitigate risk through a range of authentication elements and methods for different levels of authentication from SMS OTPs, Challenge/Response, to more contemporary QR code signing and advanced connected mobile tokens capable of transaction signatures with dynamic linking of the transaction context and addition of PIN, Fingerprint and other biometrics.