Various features pertain to two-factor authentication. A user seeking access to the secure facility or system generates a time-limited Quick Response (QR) code with his or her smartphone for display on a touchpad screen of the smartphone. The user presents the display of the QR code to a video camera of an authentication system that controls access to the secure facility or system. The video camera captures both the QR code on the smartphone screen and an image of the user. The authentication system then identifies the user based on a biometric analysis of the image of the user and confirms the authentication by verifying that the QR code corresponds to an authorized user. The QR code may be generated based on a secret key stored within the smartphone and the current date/time, with valid authorization limited to a narrow time window following generation of the QR code. Alternatively, the authentication code may be continuously or periodically transmitted as an infrared signal (IR) by a device such as smart glasses.

Methods and systems for resetting a digital credential within a digital credential based authentication system. The method includes logging a first administrative user into the digital credential system, receiving, from the first administrative user, a first portion of authentication credentials for a first customer, validating, by the first administrative user using the digital credential system, the first portion, logging a second administrative user into the digital credential system, receiving, from the second administrative user, a second portion of authentication credentials for the first customer, receiving the second portion by the second administrative user, validating, by the second administrative user using the digital credential system, the second portion; and resetting the authentication credentials based on the validation of the first portion and second portion.

Aspects of the disclosure relate to preventing unauthorized access to secured information systems. A computing platform may receive, from an end user desktop computing device, a request to login to a user account associated with a user account portal. In response to receiving the request, the computing platform may generate an authentication token in an authentication database and may send a notification to at least one registered device linked to the user account. After sending the notification, the computing platform may receive, from the at least one registered device, an authentication response message. If the authentication response message indicates that valid authentication input was received, the computing platform may update the authentication token to indicate that the request to login to the user account has been approved. After updating the authentication token, the computing platform may provide, to the end user desktop computing device, access to a portal interface.

A non-transitory computer-readable storage medium storing computer-readable program code executable by a processor to receive a transaction request from a user interface, and receive a user-identifier from the user interface, and the user-identifier associated with a user. The program code may be executable to send a first non-audible sound signal to initiate a multifactor authentication process during a first interval, and send a second non-audible sound signal during a second interval, where the second non-audible sound signal comprises a predetermined frequency pattern, associated with the user. The program code may also be executable to receive a third non-audible sound signal, where the third non-audible sound signal, at least in part, is utilized to determine whether to complete the transaction request or not. The first non-audible sound signal, the second non-audible sound signal, and the third non-audible sound signal may comprise a frequency greater than 15 kHz.

A method to implement multifactor authentication of a user may include performing biometric authentication of a person that bears the wearable electronic device and at least one of: performing knowledge-based authentication of the person or presenting an access control token of the wearable electronic device to an access reader that performs token-based authentication of the person. Performing biometric authentication may include receiving a first biometric signal generated by a wearable electronic device and determining a person-specific biometric characteristic of the person therefrom; comparing the person-specific biometric characteristic to a user-specific biometric characteristic of the user determined from a second biometric signal generated when the wearable electronic device was born by the user; and based on the comparing, determining a confidence level that the person is the user to determine a positive or negative authentication of the person as the user.

A method for operating a field device is disclosed, the field device having settings and/or functions classified into different security levels, where one of the settings and/or functions of the field device is selected by a user, at least one security measure is implemented depending upon the security level with which the selected setting and/or function is associated, and the security measure determines whether the selected setting and/or function of the field device is released for the user.

A computing system includes a server. The server is communicatively coupled to a data repository and is configured to store a data in the data repository. The server is further configured to receive a first authentication information, the first authentication information comprising a login and a password for an entity, and to receive a second authentication information, the second authentication information comprising at least one identifying information generated by a hardware authentication device. The server is further configured to execute a hardware-based authentication as a service process, the authentication as a service process configured to use the first and the second authentication information as input to authenticate the entity, and to provide computing resources to the entity if the entity is successfully authenticated.

A method comprises a portable device obtaining a graphical encoded information item which is displayed on a display of a computing apparatus, decoding the encoded information from the encoded information item, and transmitting a first message to first server apparatus, the first message including the decoded information and a first identifier identifying the device or a user of the device, wherein the decoded information includes an apparatus identification information item for allowing identification of the computing apparatus, and the first server apparatus receiving the first message from the device, establishing the identity of the user of the device, wherein establishing the identity of the user comprises using the first identifier to determine if the user is registered with the first server apparatus in response to establishing the identity of the user, authorising the user to access a service, and providing the service to the user via the computing apparatus using the apparatus identification information item or sending a second message to a second server apparatus, the second message including the apparatus identification information item and indicating that the user is authorised to access the service provided by the second server apparatus, the second server apparatus responding to receipt of the second message by providing the service to the user via the computing apparatus using the apparatus identification information item.

Technologies for securely extending cloud service application programming interfaces (APIs) in a cloud service marketplace include a connector hub of a marketplace computing device communicatively coupled to a cloud service provider interface of a cloud service provider and a cloud service broker interface of a cloud service broker. The connector hub is configured to deploy an API connector instance in a connection factory of the marketplace computing device, transmit provider provisioning channel credentials to the API connector instance and the cloud service provider interface and transmit broker provisioning channel credentials to the API connector instance and the cloud service broker interface. The connector hub is additionally configured establish a provisioning channel between the cloud service provider interface and the cloud service broker interface. Additional embodiments are described herein.

Systems and methods of a doorbell device initiating a state change of an access control device and/or a control panel responsive to two-factor authentication are provided. Such systems and methods can include the doorbell device receiving first access credentials from a first device, determining whether the first access credentials are valid, and determining whether the first device has been authenticated with two factors by determining whether an indication of two-factor authentication of the first device has been received from the first device or by soliciting and validating second access credentials from a second device. When the first access credentials are valid and the first device has been authenticated with the two factors, the doorbell device can transmit a state change command to the access control device that controls access to a secured area associated with the doorbell device and/or the control panel that monitors the secured area.