What is Two-Factor Authentication?
At its core, two-factor authentication is all about checking credentials. Are you who you say you are? Traditionally, a user name and password are used to log into a secure system. Two-factor authentication provides an additional layer of security, in the form of something you physically have, to be able to log into the system. This can be a physical token in the form of a smart card or embedded into a key fob. With the proliferation of smart phones, such as iPhone or Android devices, people are already carrying something that can be used in place of a key fob. This can greatly simplify the deployment and feasibility of implementing two-factor authentication.
Why is two-factor authentication important today?
People are accessing applications and data from many different endpoints, and many companies today support employees bringing their own devices to work. The way people work has changed greatly in recent years, and more and more companies are allowing employees to work remotely, and access the company’s secure network from personal computers and smartphones. Data has also been migrating from walled gardens inside a company’s data center to public clouds. With this migration comes and ease of accessing data from any device, anywhere. This increased accessibility makes it more important than ever to ensure that the person accessing your data really is who they say they are.
Where would I use two-factor authentication?
Two-factor authentication can be used anywhere that you have important electronic data. Common use cases are VPN’s. virtual and remote desktops, email, HP systems, CRM and enterprise resource management systems, and cloud access file systems such as Box or Dropbox. Two-factor authentication is also popular among customers needing to meet compliance requirements. This includes implementing a two-factor authentication solution to meet PCI requirements for remote access to your network and systems that contain cardholder data. Another common use case for two-factor authentication is healthcare organizations who need to meet HIPPA compliance guidelines for mitigating risks associates with remote access to systems containing patient data.
What two-factor solution ranks highest on your list, and why?
Duo Security, a cloud based two-factor authentication solution, is a favorite of mine. You can get Duo up and running in just a few minutes, and they also provide some of the best documentation about how to get your applications configured with their platform. The Duo Push two-factor authentication method is one of the easiest methods of authentication. For example, when I log into an application I get an automatic Duo Push notification on the device I physically have (for example my iPhone). From that device, I simply click the “Approve” push notification, and am instantly logged into the application. No need to copy numeric code from a key fob with my password. On the other hand, if someone is trying to access an application as me, when I receive a push notification simply click “Deny”. Once you reject the request you will be given the ability to report the request as fraudulent if needed.
When deploying a two-factor authentication solution, what should IT teams be looking at?
Primarily, customers should identify which applications they would like to, or are required to, protect with two-factor authentication. It’s important to validate the two-factor authentications solution supports the applications they are protecting. It is also important that customers evaluate the user experience when piloting and implementing a two-factor authentication solution.
Learn more about two-factor authentication here.
Written By: Marshall Hill, LookingPoint, Inc. Solutions Architect