Home › Forums › Site Security › Two Factor Authentication
Tagged: Login, Security
This topic contains 0 replies, has 1 voice, and was last updated by admin 1 year, 6 months ago.
Why Use 2FA?
It is a practical way to add further security to the user logon sequence
The default for all user logons whether local or remote has always been reliant upon the humble password. In the past this has been “good enough” security, however the modern connected world that we work and conduct our business today, a password is now the weakest link.
All to often reports in the media explain about passwords that are stolen, either electronically or by social engineering techniques. Passwords that are easily guessable, passwords that can be sniffed or captured by hardware of software keyloggers.
Viruses and malicious code all play there part in trying to obtain a users passwords, but the biggest concern is how do you know that your password has been compromised. All you security logs will show is that a successful logon occurred. Can you really prove who was actually behind the login. To put all of this into perspective passwords are under attack.
Two Factor Authentication
Two Factor authentication has been around for some time now, it is a practical way to add further security to the user logon sequence, this is accomplished by requiring a second factor to the username/password sequence.
To understand Two Factor authentication we need to know how a user can be authenticated. There are currently three ways:
1. Something the user knows (PIN, Password, Secret)
2. Something the user owns (Mobile Phone, Device)
3. Something the user is (Biometric, retina, fingerprint)
Two Factor authentication a combination of any two of the above three ways. When this is applied to the business world it is usually made from points 1 and 2. This is because point 3 Biometrics is very expensive and very complicated to roll out and end user experience can be troublesome.
Two Factor is made up of something that a user knows and something the user owns. The device that they own then provides a solution where a Passcode is generated locally or is received by SMS, Voice or a Secure Email.
The logon sequence now requires a password, and a passcode to be entered. By providing 2 separate factor of user logon now provides protection to the real user.
The Token Types can be:
2. Email (Blackberry Secure email delivery)
4. Smart phone Soft Token application
5. P.C. or Mac OS Soft Token application
Your Phone, device
By leveraging something the user already has, allows a seamless and cost effective solution for Two Factor authentication to be implemented. SecurEnvoy cannot just only use a phone to receive a passcode via SMS, but extends this to support email and also an interactive voice call. This is further enhanced by having a Soft Token that can be installed on any Smart Phone, this is a unique piece of software that generates a time sensitive passcode without the requirement for any data or internet connection. In addition to Smart Phones devices such as Tablet and iPads are also supported for use of a Soft Token.
Two Factor in the Enterprise
Traditional two-factor authentication solutions have always relied upon the use of hardware tokens (or “fobs”) that users have to carry on their person. The most famous being the keyfob token which would reside upon the user keyring. These tokens generate one-time passwords for the second stage of the login process. However, hardware tokens can cost in excess of £50 each. They are notoriously hard to deploy and are not user friendly, they also expire and require replacing every 3-4 years. This is further compounded as how do you support a user who has lost or broken their token, how can they now login without requiring additional support from either helpdesk or admin staff.
You must be logged in to reply to this topic.