Security FAQ

How is TruValidate Multifactor Authentication more secure than password-based systems?

No one is able to authenticate as you by figuring out something you know. TruValidate Multifactor Authentication is tied to your device so it is something that you must have. Any requests for authentication that are made by someone who isn’t you will still appear as notifications on your device notifying you immediately. With passwords you have to trust the system that is keeping it to properly encrypt it and keep it away from unauthorized access. With TruValidate Multifactor Authentication you just have to know where your device is.

Is this two-factor authentication?

Absolutely. Two-factor authentication, also known as multi-factor authentication, requires the authenticating user present at least two of the three recognized authentication factors: a knowledge factor (something the user knows), a possession factor (something the user has), and an inherence factor (something the user is). TruValidate Multifactor Authentication uses physical authentication over unique linked smartphones or devices to satisfy the possession factor, PIN Code or Circle Code combined with a unique TruValidate Multifactor Authentication username satisfies the knowledge factor, and geographic data along with geofencing satisfies the inherence factor.

What type of encryption does TruValidate Multifactor Authentication use?

TruValidate Multifactor Authentication uses public-key cryptography with signing and 256-bit AES encryption. The RSA keys are 4096-bit on the devices with v2 TruValidate Multifactor Authentication Mobile Authenticators.

Does TruValidate Multifactor Authentication use SSL?

TruValidate Multifactor Authentication forces the use of secure HTTPS connections on all services. We use HTTP Strict Transport Security (HSTS) to ensure browsers only interact with us over HTTPS, and we’re on the HSTS preload list for Chrome. Additionally, we employ an ECDHE-RSA-RC4-SHA cipher with perfect forward secrecy (PFS) on all modern browsers and a Qualsys SSL “A” server rating.

User Contributed

TransUnion links to user contributed code as a resource to its community. TransUnion does not in any way guarantee or warrant the quality and security of these code bases. User contributed code is supported by the creators. If you do find a link from the site to user contributed code that is malicious or inappropriate in any way, please report that link to TransUnion immediately and we will investigate the claim. Submit any issue to TransUnion support at ×