WEBINAR AMPLIFIER

Enhancing Encrypted
Email Experience with
Flexible Authentication
Methods

Sarah Happé
Director Client Engagement, Echoworx

Chris Peel
VP Customer Engineering, Echoworx

© 2024 TechTarget, Inc. All Rights Reserved. 1

Contents
Executive summary 3
Introduction 4
Echoworx email encryption delivery options 5
Basic authentication 6
Social connectors 7
OpenID 8
Third-party authentication 9
Linkless communication 10
Shared secret authentication 11
Authentication with SMS 12
URL-based authentication 13
Customer case study 14
A new chapter in email encryption 15

2
Executive summary
As a leading provider of secure communication solutions, Echoworx presents an extensive array of
authentication options, catering to the diverse needs of businesses in today's digital landscape. These options
include basic authentication, social connectors, two-factor authentication, OpenID, passwordless
authentication, linkless communication, shared secret authentication, SMS verification, and URL-based
authentication. Echoworx ensures a delicate balance between security and usability, offering multiple avenues
for accessing their services.
The company's collaborative approach involves working closely with customers to grasp their individual needs
and requirements effectively. Additionally, with the advent of the mobile-first delivery concept, businesses are
witnessing a paradigm shift in their communication strategies. Recognizing this trend, businesses are
increasingly adopting a mobile-first approach to ensure seamless interaction with their customers on the
platforms they prefer.

3
Introduction

Echoworx, a prominent provider of secure delivery and communication solutions, presents a diverse range of
authentication options essential for ensuring robust security measures. While authentication plays a pivotal role
in safeguarding communications, it also significantly influences usability. Recognizing this delicate balance,
Echoworx offers a myriad of access methods to its services, meticulously designed to harmonize security and
user-friendliness.

Leveraging their expertise in customer engineering, Echoworx collaborates closely with clients to
comprehensively grasp their unique needs and requirements. This collaborative effort facilitates continuous
refinement of the product roadmap and future vision, ensuring alignment with evolving customer expectations.
By fostering an environment of open communication and feedback, Echoworx ensures that its solutions remain
tailored to the dynamic needs of its clientele.

With Echoworx, customers can rest assured knowing they have access to the latest and most secure
authentication options available. The company's commitment to staying abreast of emerging technologies and
industry best practices underscores its dedication to providing top-notch security solutions. Echoworx
empowers businesses to navigate the complex landscape of secure communication with confidence, enabling
them to focus on their core objectives without compromising on security.

© 2024 TechTarget, Inc. All Rights Reserved. 4

Echoworx email encryption delivery options

Echoworx's platform presents a variety of authentication options tailored specifically for secure email
communication, acknowledging the importance of customization in meeting diverse user needs. The platform
offers both direct and pull delivery methods, placing particular emphasis on certificate-based encryption push.
With a total of eight distinct login methods available, Echoworx caters to different preferences and priorities.
Some are geared towards enhancing usability by minimizing friction, while others prioritize stringent security
measures. The platform's dynamic configuration capability allows for flexible adjustment either through
programming or systematic adjustments, enabling users to tailor their authentication approach to their specific
requirements.
Furthermore, users have the flexibility to utilize multiple authentication options simultaneously or
independently, enhancing the adaptability of the platform to varying security needs. By focusing on message
encryption, Echoworx aspires to establish itself as the premier omnichannel solution for secure messaging,
providing comprehensive security across different communication channels.

5
Basic authentication

Basic authentication stands out as the most commonly used method for accessing a portal, involving the input
of an email address and password. While it may not rank as the most secure approach, its appeal lies in its
self-service nature, significantly reducing the necessity for assistance from help desks. Crucially, ensuring
security with basic authentication hinges on implementing robust password controls, maintaining password
history, establishing reliable recovery processes, and enabling self-management functionalities.
Moreover, the trend towards security through transparency is gaining traction, wherein users receive
notifications about any new device attempting to access their account. This not only enhances security but also
fosters trust between the user and the authentication system. Furthermore, basic authentication allows for the
incorporation of authentic branding elements that seamlessly align with the customer's corporate messaging,
enhancing brand consistency and recognition.
Nevertheless, challenges such as forgotten passwords and the subsequent need for reset functionality persist
within basic authentication setups. Overcoming these challenges requires innovative solutions to streamline
the password recovery process while maintaining the security integrity of the authentication system.

6
Social connectors

Social connectors offer a straightforward and expedient means of authenticating users without necessitating
the creation of new accounts. Users can effortlessly log in using their existing credentials from third-party
providers such as Google, Yahoo, or LinkedIn. This approach garners popularity for its ability to circumvent the
complexities of password management and recovery.
However, some organizations may harbor reservations regarding the security and privacy implications
associated with third-party providers. Compliance teams may find it imperative to conduct thorough
assessments of each provider's policies and security measures before granting access through social
connectors. Despite these considerations, social connectors persist as a reliable and convenient authentication
method, trusted by users for its seamless integration and ease of use.
Nonetheless, it's essential to recognize that reliance on social connectors introduces potential challenges.
Organizations must navigate concerns regarding the dependence on external platforms for authentication and
the associated risks of data breaches or privacy infringements. Balancing the convenience of social connectors
with robust security measures and compliance requirements remains a priority for organizations seeking to
leverage this authentication method effectively.

7
OpenID

OpenID serves as an authentication standard for facilitating customer access through existing enterprise-wide
solutions. Leveraging principles from OAuth and SAML, OpenID utilizes a dedicated connector such as Okta to
verify user credentials. One of its primary advantages lies in streamlining user authentication by obviating the
necessity of managing multiple passwords, granting customers full control over their authentication process.
However, implementing OpenID poses certain challenges. For instance, it necessitates a verified email
address within the customer directory, adding a layer of complexity to the authentication process. Furthermore,
integrating OpenID into existing systems may require significant time and resource allocation, potentially
posing obstacles for organizations.
Despite these challenges, OpenID remains an established industry standard offering a viable solution for
enterprise authentication needs. Its ability to simplify user authentication while maintaining security standards
makes it an attractive option for organizations seeking efficient and standardized authentication protocols.

8
Third-party authentication

In the realm of data exchange, trust and authentication emerge as pivotal considerations for organizations.
While third-party services like Google offer convenience, some entities may hesitate to entrust the security of
their data entirely to external providers. This apprehension intensifies in contexts such as high-value asset
trades, where the potential consequences of unauthorized access are particularly severe. In such scenarios,
implementing two-factor authentication becomes imperative, serving as an additional layer of security to
mitigate risks.
Navigating the landscape of authentication methods necessitates a nuanced approach that carefully balances
considerations of risk and usability. Organizations must assess the unique characteristics of their data
exchange operations to determine the most suitable authentication mechanism. Striking the right balance
between stringent security measures and user-friendly authentication processes is crucial for fostering effective
data exchange.
Ultimately, trust and authentication stand as cornerstones in safeguarding the integrity and confidentiality of
data exchange processes. Organizations must prioritize solutions that inspire confidence in data security while
also addressing usability concerns. By doing so, they can bolster trust among stakeholders and mitigate the
risks associated with unauthorized access or data breaches.

9
Linkless communication

Linkless communication introduces a secure messaging platform designed to enhance security by eliminating
links from notifications for portal messages. Operating as a single sign-on integration, it enables recipients to
seamlessly return to their existing portal without necessitating links or additional registrations. Recipients
access their portal in the usual manner, and through web services integration, a dynamic one-time use token is
generated, automatically logging them into the secure messaging platform.
This innovative approach alleviates the burden of customer creation or authentication from the messaging
platform. Moreover, it affords flexibility and adaptability in terms of product configuration. By leveraging linkless
communication, organizations can streamline the user experience while fortifying security measures, thus
enhancing overall efficiency and reliability in message exchange.
Furthermore, linkless communication offers a sophisticated solution that enhances both security and user
convenience. By removing the reliance on traditional links, which can be susceptible to various security risks
such as phishing attacks, this platform provides a robust defense against potential vulnerabilities. Additionally,
its seamless integration with existing portals reduces friction for users, promoting a smooth and intuitive
communication experience. Overall, linkless communication represents a forward-thinking approach to
messaging security, aligning with the evolving needs of modern organizations for both enhanced protection
and streamlined user interaction.

10
Shared secret authentication

Shared secret authentication serves as a robust security model employed to authenticate users to messages.
This method entails the establishment of a password or passphrase during message transmission, which is
communicated separately to the recipient through an out-of-band channel. The passphrase must be both
unique and sufficiently secure to safeguard the message's contents. This authentication approach proves
particularly valuable in scenarios where an immediate message delivery is required, and there is no pre-
existing registration process in place.
This distinctive security model assigns a unique passphrase to each message, ensuring that only the intended
recipient possesses access. By relying on shared secret authentication, organizations can ensure
confidentiality and integrity in message transmission without the need for complex registration procedures.
Moreover, the Outlook add-in incorporates built-in password rules to enforce the use of strong passwords,
further enhancing security measures.
In essence, shared secret authentication offers a pragmatic solution for secure message authentication,
enabling swift and reliable message delivery while maintaining stringent security standards. Its implementation
underscores a commitment to safeguarding sensitive information and ensuring secure communication
channels in diverse operational contexts.

11
Authentication with SMS

SMS verification emerges as a secure and convenient method for verifying recipients in the context of portal
messages. This approach entails including the recipient's mobile number in the message, through which a
password or message can be delivered to the portal. Subsequently, the recipient can access the message by
inputting an SMS code. This authentication method proves particularly suitable for transient users who receive
messages sporadically and prefer to bypass formal registration processes.
The platform further enhances its usability by incorporating a fallback method for cases where SMS verification
isn't feasible. This ensures continuity of service delivery and maintains accessibility for users even under
challenging circumstances. Notably, SMS verification is gaining traction in specific market segments due to its
enhanced security features and utilization of out-of-band verification, akin to Multi-Factor Authentication (MFA).
In essence, SMS verification represents a pragmatic approach to authentication, offering a blend of security
and user-friendliness. Its adoption aligns with the evolving needs of modern users, who seek secure
communication channels without compromising on convenience. As organizations prioritize data security and
user experience, SMS verification emerges as a compelling solution for verifying recipients in portal messages.

12
URL-based authentication

URL-based authentication, commonly referred to as web-based TLS, stands out as a prevalent method for
delivering messages securely and seamlessly. Particularly well-suited for inbound communication scenarios
such as customer onboarding, where sensitive documents need to be exchanged, this method ensures that
messages remain confidential by preventing visibility to the recipient's provider. This not only safeguards
against unauthorized scanning and advertising but also furnishes audit and recall functionality, making it an
ideal choice for sharing information while maintaining branding and auditing requirements.
However, despite its merits, URL-based authentication presents a notable challenge: the accessibility of the
authentication link to anyone who encounters it. This characteristic renders it unsuitable for transmitting highly
classified information, as it lacks the necessary safeguards to restrict access solely to authorized recipients.
Nevertheless, despite this limitation, URL-based authentication remains a widely utilized functionality,
surpassing initial expectations due to its versatility and applicability in various communication scenarios.
In summary, URL-based authentication occupies a niche role in message delivery, offering a blend of security
and functionality that caters to specific use cases. While it excels in ensuring confidentiality and providing
essential audit capabilities, its inherent limitations necessitate careful consideration of its suitability for
transmitting sensitive information. Nonetheless, its widespread adoption underscores its value in facilitating
secure and efficient communication processes across diverse organizational contexts.

13
Customer case study

A large insurance company has undertaken a comprehensive process to evaluate the security requirements of
their end users and determine the most appropriate measures. Utilizing the extensibility of the plug-in
effectively, they have established a dynamic system where, depending on specific data classifications, they
may employ Transport Layer Security (TLS) as the primary method of communication, with the option to fall
back to the portal if necessary. This approach allows them to provide a diverse array of options to their users,
all under the umbrella of the blue padlock, symbolizing enhanced security.
Furthermore, the company places a strong emphasis on staff education, ensuring that employees understand
when to utilize a shared secret for message encryption and when to rely on TLS with fallback. They have
implemented tailored configurations to optimize their security protocols, including the elimination of
unnecessary notifications sent back to the message senders. Through their meticulous approach, they harness
almost all available delivery mechanisms to maximize efficiency and security across their communication
channels.
In essence, this insurance company serves as an exemplary use case for implementing advanced security
measures in a corporate setting. By leveraging the capabilities of the plug-in and providing comprehensive staff
training, they have established a robust security framework that prioritizes both effectiveness and usability.
Through their proactive approach to security adjudication and implementation, they exemplify best practices in
ensuring data integrity and confidentiality within their organization.

14
A new chapter in email encryption

The emergence of the mobile-first delivery concept represents a significant shift in how businesses engage
with their customers. With the proliferation of mobile devices and the widespread adoption of messaging
applications such as WhatsApp, companies now have the opportunity to connect with their customer base
more efficiently than ever before. In regions like South America and Malaysia, where mobile devices
outnumber laptops, WhatsApp has emerged as the dominant communication platform, facilitating seamless
interactions between businesses and consumers.
This paradigm shift has prompted businesses to pivot towards a mobile-first delivery approach, recognizing the
importance of meeting customers on their preferred platforms. This trend is particularly evident as businesses
seek to capitalize on the advantages offered by mobile-first strategies, such as increased reach and improved
customer satisfaction.
As the benefits of the mobile-first delivery concept become increasingly apparent, this trend is expected to
persist and expand across various industries. By leveraging mobile devices and messaging platforms
effectively, companies can forge deeper connections with their customers and drive business growth in the
mobile era.

©TechTarget, Inc. or its subsidiaries. All rights reserved. TechTarget, and the TechTarget logo, are trademarks or registered trademarks of TechTarget, Inc.
and are registered in jurisdictions worldwide. Other product and service names and logos, including for BrightTALK, Xtelligent, and the Enterprise Strategy Group might be trademarks of
TechTarget or its subsidiaries. All other trademarks, logos and brand names are the property of their respective owners.

This publication may contain opinions of TechTarget, which are subject to change. This publication may include forecasts, projections, and other predictive statements that represent
TechTarget’s assumptions and expectations in light of currently available information. These forecasts are based on industry trends and involve variables and uncertainties.
Consequently, TechTarget makes no warranty as to the accuracy of specific forecasts, projections or predictive statements contained herein.

Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the
express consent of TechTarget, is in violation of U.S. copyright law and will be subject to an action for civil damages and, if applicable, criminal prosecution. Should you have any
questions, please contact your TechTarget client representative.

15