Two-Factor Authentication (2FA) is not a new concept, but with modern technology, employing 2FA is easier and can accommodate almost any end-user.
What exactly is 2FA? 2FA is used to increase security by requiring you to provide “something you know” (a password) and leverage “something you have” (laptop, mobile phone, hardware token). The use of two distinct authentication factors helps eliminate an organization’s security concerns around granting access based on a single, knowledge-based factor.
A very cost effective way of achieving a strong 2FA is through implementing a one-time password (OTP). An OTP is a password that is only valid for only one login session and overcomes the vulnerabilities of using only a static password that can be guessed. Since this OTP is only for a single use, if an OTP is obtained by an unauthorized user it will simply not work.
As mentioned before, 2FA with OTP’s is a very affordable and now flexible option to enforce in your environment. OTP’s formerly used a “hard token”, like a key fob, but those options are expensive and are susceptible to being lost or stolen. Technology now allows the OTP to be obtained through many different “soft token” options that include:
-SMS (Text Messages): This allows you to leverage telephone companies’ SMTP-to- SMS gateways or deliver SMS messages directly using multiple service providers.
-PassiveKey™: This option validates both the user -AND- the device they're using. PassiveKeyTM automatically generates a Time-based One-time Password (TOTP) on a configurable interval and sets the value as a session-based cookie. This cookie is created for only specific websites and is encrypted using public-key cryptography to ensure only the PortalGuard server can decrypt it.
-Email: An OTP can be sent to the user's enrolled email account.
-Printed OTP: When the user is unable to receive an OTP via SMS or phone call, the user has the option of generating and printing a batch of OTPs. These values are still OTPs in that they can only be used for a single authentication.
-Voice: A call is placed to the user's landline or mobile phone with the OTP using either a hosted text-to-speech service or with the SIP protocol which leverages your existing phone infrastructure.
-Mobile Authenticator: The OTP can be read from an enrolled Mobile Authenticator App like Google Authenticator.
-Mobile Transparent Token: The mobile user performs a one-time enrollment where they enter their username, password and OTP (delivered via Voice, Google Authenticator, SMS/Text, Printed, etc). For subsequent logins on that browser, the user only needs to provide their username and password. An OTP is transparently passed to the server each time.
-Help Desk: The OTP can be given to the user over the phone from the Help Desk or Administrator
All-in-all, it is easy to find a 2FA solution that can work in your environment. PortalGuard provides 2FA and offers all of the flexible options mentioned above with seamless integration into most networks. Furthermore, if your company needs to have flexible options, like mentioned before, PortalGuard can allow for multiple 2FA solutions to be used in one organization for one cost-effective price.
