Enterprises typically have varying authentication requirements, depending on the individuals or groups of users entering their systems and the applications they use. The type of application a user is accessing also dictates the authentication requirements. Financial, human resources and other applications that store confidential information or sensitive files and records require stronger authentication than is typically needed, mainly to ensure regulatory compliance. In those cases, multi-factor authentication, using “something you know” (a password) and leveraging “something you have” (typically a token), is probably the best approach for guaranteeing that only authorized users access restricted applications and that sensitive information is protected.
When multi-factor authentication is required, usability is critical: users need easy access to the information and files required to do their jobs in order to stay productive. Organizations also need the flexibility to configure authentication so that they can meet the varying security requirements of their applications and the access control needs of different users. However, usability and flexibility have not always been possible with multi-factor authentication. Even so, companies know that requiring only a password, especially for web-based applications, is insufficient, as passwords are easy to exploit and steal. An authentication solution using two distinct authentication factors helps eliminate their concerns about access secured by a single, knowledge-based factor.
The optimal two-factor authentication solution offers usability and flexibility as well as security, enabling end-users to achieve uncomplicated access and providing organizations with authentication controls — all while reducing risk. Usability is achieved by using a One-Time Password (OTP) obtained via a laptop, mobile phone or other device the user has, along with another password or username to accomplish two-factor authentication. Flexibility is obtained by allowing the authentication factors to be configurable based on the organization’s employees, applications and needs.
The OTP in this two-factor authentication scenario would validate both the user AND the device they are using. This tokenless approach leverages a device the user already has rather than requiring them to possess a separate hardware-based OTP-generating token for authentication, thereby increasing user adoption. The user’s device acts as the “token” or “something the user has” when unlocked by the user’s successful login to it. The time-based OTP is generated on a configurable interval and could be implemented as a toolbar in the user’s web browser. The OTP is totally transparent, as it has no interface and does not require additional processes.
The optimal two-factor authentication solution would give organizations the flexibility to configure the length, expiration and format of the OTP and how it is delivered to the user. OTP delivery options include email, printer, transparent token or via SMS, as no gateway is required. Transparent tokens could be made up of several types of parameters, such as a random number, a device serial number and/or Active Directory identifiers, which are encrypted.
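A time-based OTP with configurable length and interval, together with the server-side check that makes each code single-use, can be sketched as follows. This is an added example, not PortalGuard's code: it assumes the standard RFC 6238 TOTP construction (HMAC-SHA1), which the article does not name, and `totp`, `OtpVerifier` and the `drift` parameter are hypothetical names.

```python
import hashlib
import hmac
import struct


def totp(secret: bytes, now: float, digits: int = 6, interval: int = 30) -> str:
    """RFC 6238 TOTP with configurable length (digits) and time step (interval)."""
    counter = int(now // interval)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class OtpVerifier:
    """Server-side check: bounded clock drift, each time step accepted once."""

    def __init__(self, secret: bytes, digits: int = 6, interval: int = 30, drift: int = 1):
        self.secret, self.digits = secret, digits
        self.interval, self.drift = interval, drift
        self.last_counter = -1  # highest time step already consumed

    def verify(self, candidate: str, now: float) -> bool:
        current = int(now // self.interval)
        for step in range(current - self.drift, current + self.drift + 1):
            if step <= self.last_counter:
                continue  # replay of a used (or older) step: reject
            expected = totp(self.secret, step * self.interval, self.digits, self.interval)
            # Constant-time comparison avoids leaking matching prefix length.
            if hmac.compare_digest(expected.encode(), candidate.encode()):
                self.last_counter = step
                return True
        return False


# Constructed sample input: the shared secret from the RFC 6238 test vectors.
SECRET = b"12345678901234567890"

if __name__ == "__main__":
    verifier = OtpVerifier(SECRET, digits=8, interval=30)
    otp = totp(SECRET, 59, digits=8)
    print(otp, verifier.verify(otp, 59), verifier.verify(otp, 59))
```

Raising `drift` or `interval` lengthens the window in which a stolen code is still usable, so both settings trade usability against exposure.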
Using what is called Contextual Authentication, organizations would also have the flexibility to choose the appropriate authentication method for each user, group or application, meeting the needs of the various access scenarios that occur. For example, onsite users may only need to provide strong passwords, whereas roaming users would be required to use two-factor authentication.
Ask organizations to describe the optimal authentication solution and it would be one offering the option of increasing security with an extra layer of authentication and reducing the risk of hacker attacks by employing credentials which expire after one use. By using a tokenless two-factor approach that leverages a device the user already has, organizations would not only offer their users increased usability but ensure greater user adoption. By having the ability to configure the OTP and its delivery method based on their users, groups, applications and organizational goals, organizations would have the flexibility they need to control the level of security required for certain user access scenarios. Because one password or one factor isn’t always enough, organizations’ authentication requirements would be met and the residual benefits would go beyond stronger authentication to include a lower total cost of ownership.
The PortalGuard software is an authentication platform which is focused on enhancing usability, while maintaining a balance between security, auditing, and compliance for your web and desktop authentication requirements. PortalGuard provides capabilities including multi-factor authentication, transparent user authentication, self-service password management, two-factor authentication, password synchronization and single sign-on which can be seamlessly configured by user, group, or application.