Blog Feed

Two-factor authentication for Windows 7, 8, 10

Posted by on 12:29 in Protectimus Products, R&D, Setup Guides | 0 comments

Two-factor authentication for Windows 7, 8, 10

Since Windows is one of the most used systems, especially among various businesses, it makes sense to thoroughly protect it. Protectimus has an excellent two-factor authentication software for Windows 7, 8, 8.1, 10. In this article, we will look into how it works and how to set it up. And we will address the most common questions on our two-factor authentication for Windows login. How does two-factor authentication for Windows login work Two-factor authentication for Windows login is rather simple. The process consists of two successive levels of login, just as the name suggests. First, the user has to sign in with their common Windows credentials (their regular username and password). On the second level, the user has to enter a one-time password (OTP). This password is valid only for 30-60 seconds and can be delivered or generated via a number of different ways, the user can choose which way they prefer. It can be a chat-bot message, 2FA app, email, SMS or one of our hardware security tokens. Windows 7 two-factor authentication ensures there’s minimum to none risk for the Windows user account to be breached if the user’s regular password is compromised. In this unfortunate case, the criminals will have to get access to the user’s email, phone or hardware token, which is much harder to accomplish. And at the same time, if the phone or OTP token is compromised, the attacker still has to guess the password. Besides, each one-time password generated by your two-factor authentication token can be used only once and is time sensitive. This means that the generated code will simply expire and won’t be usable within 30-60 seconds. Which makes it almost impossible to intercept and have the code used for unauthorized access to the protected Windows account. | Read also: 10 Windows Computer Safety Tips How to set up two-factor authentication for Windows 7, 8, 10 It is very easy and fast to set up Protectimus dual factor authentication Windows solution and have your Windows 7, 8, 8.1 or 10 thoroughly protected from unauthorized access, the whole process usually takes less than 15 minutes. This Windows two-factor authentication software is designed both for individual and business users. So it’s very easy to set it up. The set up can be done by any user themselves without involving an admin with special skills. The steps to set up Protectimus Windows 2-step verification can be roughly described as follows: Register in Protectimus Service Fill out the registration form and create your Protectimus 2FA service account. Activate a Service Plan Choose a service plan and make sure to activate it, even if it’s a Free service plan. The API won’t function unless a service plan is activated. It can be deactivated at any time. Create a Resource To group and easily manage the users and tokens we use Resources. So the first step to actually start using Protectimus MFA for your Windows is to create a Resource, which is done by clicking one single button and giving a name to the Resource you created. Create a User Once a Resource is created you need to create a User. The user login you create in Protectimus must be the same as your Windows username. Before creating a user, make sure that your Windows username contains...

read more

Electronic Visit Verification with Hardware Tokens

Posted by on 17:28 in Protectimus Products, R&D | 0 comments

Electronic Visit Verification  with Hardware Tokens

Protectimus multifactor authentication solution is an ingenious, versatile system that can be used in many ways, from helping developers implement two-factor authentication on their apps and services to protecting an end user’s Office 365 account with the help of hardware tokens. Our team made Protectimus system truly versatile, it could be customized to create even the most unconventional solutions to fit our clients’ needs. In this article, we will describe in detail one such unconventional solution we created on the basis of Protectimus multifactor authentication — electronic visit verification system. You will learn what electronic visit verification actually is, where it is used and how the EVV solution from Protectimus works. What Is Electronic Visit Verification? Simply put, EVV is an automated solution for home care workers that collects info on the time of attendance and all the necessary details of the care plan. Electronic visit verification software gives such care services as Home Health, Home Care and Hospices an easy and sustainable way of verifying visit activity (type of home care service, individuals receiving and providing the service, date, exact time and location the service was provided at) and ensuring the patients are never neglected, eliminating even the possibility of fraudulent home visit documents. EVV is mandated by a number of states and recommended by those that do not mandate it. The system is widely used by most states and other payers, as it is a far more reliable and effective way of monitoring caregivers than any document signed by hand can be. And with the 21st Century CURES Act passed, it became a requirement for all homecare providing facilities to have EVV adopted by 2023. EVV was invented way back in the 90s, since then the technology has moved worlds ahead, so new ways of implementing EVV are currently in demand. | Read also: Why is healthcare data security so important? How does Protectimus electronic visit verification system work? Time-based one-time passwords generation algorithm (TOTP) allows for calculating the exact time of when the used passwords were generated. This feature is what made it possible for us to build one of the most user-friendly EVV solutions on the market. Protectimus electronic visit verification system can be used with one of these hardware tokens: Protectimus Two, Protectimus Slim or Protectimus Crystal. Here’s how it all works exactly: The homecare provider or facility delivers one of the above-mentioned hardware tokens to a patient’s home. When the appointed healthcare specialist comes for a visitation he or she needs to turn the token on, generate a one-time password and write the provided code down. Once the home visit is done with the healthcare worker needs to generate a second TOTP and write it down as well.These two one-time passwords have to be passed on to the Protectimus electronic visit verification system next. Doing it is very easy — the healthcare specialist simply needs to call a special number and enter the patient’s id number and the two passwords generated during the home visit. The passwords can be sent over to the EVV system in bulk for all the patients visited in a day by the end of that day, or the call can be made after each and every visit.After Protectimus EVV system receives the passwords, it analyses them and provides...

read more

LiteBit 2FA with a hardware token

Posted by on 16:39 in Protectimus Products, Setup Guides | 0 comments

LiteBit 2FA with a hardware token

LiteBit 2FA (two-factor authentication) is mandatory for its users. This cryptocurrency exchange pushes you to set up 2-factor authentication during registration and it’s impossible to skip this step. It is also impossible to disable two-factor authentication in LiteBit, you can only change one authentication method to another. Unfortunately, LiteBit 2FA offers only two options by default: SMS authentication or authenticator app. Neither of these two-factor authentication methods can ensure maximum security. SMS authentication is vulnerable to SIM card replacement, smartphone viruses, and interception of one-time passwords by exploiting the cellular network vulnerabilities. Authenticator apps are also vulnerable to smartphone viruses. Also, people often lose smartphones or have to reset their devices back to factory default settings. This causes a lot of troubles with the recovery of all authentication tokens enrolled in authentication apps. We suggest you choosing hardware tokens for LiteBit 2FA instead. Fortunately, there are Protectimus Slim NFC – programmable hardware TOTP tokens. Protectimus Slim NFC are made to replace authenticator apps on all websites that don’t offer hardware OTP tokens by default. Buy a hardware token for LiteBit All you need to connect Protectimus Slim NFC token to your LiteBit account is an Android smartphone with NFC support and the token itself, of course: Download the application Protectimus TOTP Burner from Google Play.Use this app to scan the QR code with the secret key.Program the hardware token with this secret key via NFC. But let’s describe how to set up LiteBit 2FA with hardware token Protectimus Slim NFC in details. LiteBit 2FA with a hardware token Protectimus Slim NFC 1. Sign in to your account. To avoid phishing make sure you use the right URL: https://www.litebit.eu/ 2. Go to account settings. 3. Find 2FA settings. 4. Click the button “Change your 2FA settings”. 5. Either you use SMS authentication or Authenticator app, you’ll need to change your authentication method to another. Our goal here is to initiate the enrollment of a new secret key for the Authenticator app. So: if you use SMS authentication, just change your LiteBit 2FA settings to Authenticator app;if you use Authenticator app, at first you’ll have to change your LiteBit 2FA settings to SMS, and then back to Authenticator app. 6. So, start changing your LiteBit two-factor authentication method to Authenticator app. Choose “Authenticator app”. 7. You’ll get a 2FA code for SMS authentication deactivation via SMS. Enter it in the corresponding field. 8. You don’t need Google Authenticator, so just skip this step. 9. At last, you’ll see a QR code with the secret key. Use it to program the Protectimus Slim NFC token. The detailed instruction on programming Protectimus SLim NFC token is available here. 10. After the token is programmed, you’ll need to enter the 2FA code from the token in the necessary field. 11. If everything has been done successfully, you’ll see a recovery code. This code will help you to recover access to LiteBit if you lose your token someday. Save it very carefully, nobody should ever get access to this code. Then click the “Complete” button. That’s it. Please, let us know if you have any questions in comments or via...

read more

How to Set Up 2-Factor Authentication on ICE3X

Posted by on 18:57 in Setup Guides | 0 comments

How to Set Up 2-Factor Authentication on ICE3X

This guide has a purpose to explain three things: How to enable 2-factor authentication on ICE3X.How to disable two-factor authentication on ICE3X.How to use a programmable hardware token Protectimus Slim NFC for 2-factor authentication on ICE3X. Learn more about Protectimus Slim NFC token or order one here:  Protectimus Slim NFC The best 2FA token to protect your ICE3X account! How to turn on 2-factor authentication on ICE3X 1. Login to your ICE3X account. To avoid phishing make sure you use the right URL: https://ice3x.com/ 2. Chose Account section at the main page. Just click the necessary icon in the right upper corner. 3. Go to SETTINGS section. Note: If you haven’t enabled 2-factor authentication on ICE3X yet, you’ll see a notification with the fast link to the settings section. You can use it instead. 4. Go to “SECURITY” settings. 5. Enable 2-factor authentication. 6. You will see the QR code with the secret key (seed). Use it to enroll the token in your authentication app or program Protectimus Slim NFC token. 7. Enter the one-time password from your 2-factor authentication app or Protectimus Slim NFC token in the field “2FA code”. Congratulations, your ICE3X account is under protection now! How to disable two-factor authentication on ICE3X To disable 2-factor authentication go to security settings and click “Disable”. Enter the 2FA code from your current token. How to add Protectimus Slim NFC to ICE3X To enable 2-factor authentication with Protectimus Slim NFC token: Make sure that your Android smartphone supports NFC technology and download Protectimus TOTP Burner application.Go to ICE3X security settings.Click the “Enable” button to set up two-factor authentication.Use the QR code with the secret key to program Protectimus Slim NFC. You’ll need to scan the QR code with Protectimus TOTP Burner app and add it to the hardware token via NFC. You’ll find more detailed instruction on programming Protectimus Slim NFC here.Submit the 2FA code from your hardware token in the corresponding field. Note: If you want to add Protectimus SLim NFC for 2-factor authentication on ICE3X and you already have 2FA enabled, at first disable 2-factor authentication. That’s it. Please, let us know if you have any questions in comments or via email...

read more

Keycloak Multi-Factor Authentication With Hardware Tokens

Posted by on 19:33 in Protectimus Products, R&D | 0 comments

Keycloak Multi-Factor Authentication With Hardware Tokens

Nowadays, when hackers constantly look for vulnerabilities, while more and more aspects of life are being digitized, cyber security is of utmost importance and every app developer has to pay special attention to access management. Keycloak is one of the most ingenious solutions created with app developers in mind. It provides an elegant and easy way for securing modern applications and services. With Keycloak comes an easy to roll out Multi-Factor Authentication (MFA) with one-time passwords (OTP). By default, Keycloak multi-factor authentication supports time-based OTP (TOTP) delivered via an authenticator app only. But for those who want to add an extra layer of security for their users, there is a perfect solution — reprogrammable token Protectimus Slim NFC. This token is, basically, programmed to be utilized as a replacement for the mobile authentication app. Buy hardware token for Keycloak MFA Below we provide detailed instructions on: how to configure Keycloak MFAhow your users will set up their hardware Keycloak token Protectimus Slim NFChow to run Keycloak 2FA with other ways of authentication (SMS, email, hardware tokens, chatbots) Keycloak multi-factor authentication configuration Configuring Keycloak multi-factor authentication is very easy and won’t take a lot of your time. Basically, all you need to do is enforce both your existing users and your new users to use one time passwords. Enforcing existing user: Go to your Keycloak admin area, find “Users” in the sidebar menu and select a user from your list. Then navigate to the “Details” tab and select “Configure OTP” in the “Required User Actions” section: Enforcing new users: Select “Authentication” in the sidebar menu in the Keycloak admin area, then find the “Required action” tab, in the top row (“Configure OTP”) check “Default action”. Keycloak two-factor authentication with hardware tokens To hook up Protectimus Slim NFC to Keycloak the following OTP Policies have to be applied: SHA1, TOTP, 30 or 60 seconds period. Find the “OTP Policy” tab in your “Authentication” section in the Keycloak admin area and adjust the required parameters as follows, don’t forget to click the “Save” button: You can read more on the OTP Policies in the official Keycloak documentation. Now your users will be able to follow these simple steps to add Protectimus Slim as the second factor when logging into your apps or services: 1. Download Protectimus TOTP Burner application. 2. Launch our application, click “Burn the seed”, then select the “Scan the QR code” option: 3. After completing the usual login process with username and password the user will have to set up the Mobile Authenticator. This is where they will get the QR code: 4. After the code scanning is done the user needs to turn the token on, place it within the mobile’s NFC antenna range and click “Continue”: 5. After the application provides the confirmation message, Protectimus Slim NFC can be used with your Keycloak protected application or service using Keycloak multi-factor authentication: Keycloak OTP via SMS, email, hard tokens, chatbots Out of the box, Keycloak is an awesome solution for managing security and access. But integrating it with Protectimus multifactor authentication service will expand your protection options, provide more features and make your apps and services truly bulletproof. With Protectimus you will be able to add any MFA method you wish: Keycloak two-factor authentication via email, hardware tokens...

read more

Hardware Tokens for Azure MFA

Posted by on 04:25 in Protectimus Products, Setup Guides | 0 comments

Hardware Tokens for Azure MFA

There are currently two ways to implement an Azure hardware token for Azure Multi-Factor Authentication: With classic OATH tokens for Azure MFA with hard-coded secret keys, such as Protectimus Two and Protectimus Crystal. To make use of one of these you’ll need Azure AD Premium P1 or P2 license.With a programmable hardware tokens for Azure MFA Protectimus Slim NFC which is a replacement for an authentication app from Microsoft. This Azure cloud MFA hardware token does not require a premium subscription account. In this article, we will describe how to set up both types of hardware tokens for Azure token-based authentication. All three devices can be bought here. Buy hardware token for Azure MFA Classic OATH hardware tokens for Azure MFA – how to set up Currently, Azure AD supports tokens with passwords not longer than 128 characters and password life-span of 30 and 60 seconds. Both Protectimus Two and Protectimus Crystal fit these requirements. Once you choose and receive the Azure MFA OATH token you prefer you need to register your token with Azure. Below is the step-by-step guide on this simple process: Step 1. Prepare a CSV file which includes your UPN (user principal name), the serial number of the hardware token Azure MFA, the seed (secret key), time interval, make and model of the Azure AD MFA hardware token. Make sure to include a header row, the result should look something like this: Step 2. Once the CSV file is created and properly formatted it has to be imported. Go to Azure Portal and browse to Azure AD, then to MFA server. On the MFA server page choose OATH tokens and click the “Upload” button. Upload your CSV file; the upload process might take a few minutes. Step 3. Click the “Refresh” button. If the CSV file was uploaded successfully you will see a list of your Azure AD hardware tokens, if the file had an error you will be notified on the same page: File uploaded successfully: File uploaded with errors: Step 4. Now you need to activate your Azure multi-factor authentication hardware token. If you have multiple tokens, you should activate them one by one. Click the “Activate” button at the lattermost column on the right and enter the password generated by the corresponding Azure MFA token. After that, click the “Verify” button. Step 5. Once the MFA server accepts your one-time password you will get a message confirming the activation of the Microsoft Azure token you selected from the list and there should appear a check mark in the corresponding “Activated” column. Now your token is successfully activated and can be used to log in. Programmable hardware tokens for Azure MFA As has already been mentioned above – to use a Microsoft Azure MFA hardware token you need to have a premium subscription. But we know that not everyone is ready to pay 6 euros per month per one user. If you are not ready to pay too, programmable hardware token Protectimus Slim NFC is the way to go for you. These tokens are recognized as authentication apps by the Azure MFA system, so you do not need a premium license to use them. Adding Protectimus Slim NFC as a recognized second factor of authentication to your Azure MFA is pretty straightforward. All...

read more

Office 365 MFA Hardware Token

Posted by on 02:04 in Protectimus Products, Setup Guides | 0 comments

Office 365 MFA Hardware Token

With over 31 million users worldwide Microsoft Office 365 is unsurprisingly a bestseller among the productivity software subscription suits on the market. Its compatibility with the major operating systems (both mobile and desktop), the choice of available apps and the familiarity of the brand make Office 365 an obvious choice for a lot of businesses worldwide, from small companies to huge enterprises. These very reasons and the popularity among businesses make it rather a big target for all kinds of greedy criminals. Being an online platform, with tons of sensitive corporate data stored in the cloud, Office 365 is a low hanging fruit for those hackers. Microsoft understands the vulnerability and supports Multi-Factor Authentication (MFA). The only bulletproof way of fully protecting your info on a cloud server is Office 365 2 factor authentication with a hardware token. In this article, we will give you the detailed instructions on setting up protection with hardware multi-factor authentication token for Office 365 without a premium license. We are also going to address the questions one might have on our own Protectimus Slim NFC token. Buy hardware token for Office 365 Office 365 MFA hardware token – Protectimus Slim NFC Azure AD offers a few standard ways to sign in using 2-factor authentication. You are offered a mobile app to generate random passwords, the system can send you a text with an OTP, or you can choose a phone-call to authorize the sign in. And finally, the most bulletproof way – you can have OTP generated by Microsoft Office 365 MFA hardware token. Now, Microsoft itself does not provide a hardware device, but third-party tools are supported. | Read also: Hardware Tokens for Azure MFA A programmable hardware token is essentially a more protected and trustworthy substitution for a mobile app. Protectimus Slim NFC token is one of the most popular security tokens that work with Office 365. The tool has no Internet connection, so there is absolutely no way your passwords could be intercepted. Protectimus Slim is reprogrammable, this means one device can be reassigned to a different resource over and over again. The programming goes via NFC (Near-field communication) which provides even greater defence. The design and dimensions of this Microsoft Office 365 MFA hardware token are also a factor in its popularity. To protect your data with our OATH hardware token for Office 365 MFA you need to own an Office 365 subscription with 2-factor authentication on and an NFC Android phone. A premium Azure license is not required. | Read also: The Pros and Cons of Different Two-Factor Authentication Types and Methods How to add hardware token to Office 365 MFA Setting up hardware 2-factor authentication token Office 365 is easy and straightforward enough, the steps below summarise the process very precisely. 1. Download Protectimus TOTP Burner application on an NFC-enabled Android phone. 2. Browse to this registration page and sign in with your Microsoft corporate login. 3. Click “Use Verification code from app” in the drop-down menu, then check the “Authenticator app” box, press “Configure”. 4. The pop-up window you have on your screen now has a QR code meant for installing the default Microsoft authentication app, that application is able to send notifications to your phone. Since our hardware token cannot do that, you need to...

read more

9 Must Follow Gmail Security Rules

Posted by on 21:39 in R&D | 0 comments

9 Must Follow Gmail Security Rules

Gmail is perhaps the most used email service, with which people exchange terabytes of information daily. A typical account contains lots of personal details such as banking data, digital identities, passwords, trade agreements, etc. Unfortunately, despite the service’s popularity, positive reputation and constant effort of its creators, personal data is not protected enough. Besides hidden security mechanisms that work automatically, there is an array of optional measures that must be activated manually. Nevertheless, most of the latter are unknown to or ignored by the majority of users. Often it does not even take a professional hacker to exploit Google Gmail security vulnerabilities using the basic skills in social engineering. In this article, we will talk about how to secure Gmail account by following the 9 simple rules. 1. Set a Strong Password for Your Gmail Account and Change It Regularly The first thing you need to keep in mind when coming up with a password for your Gmail account is to never use anything personal, such as dates of birth (or any other memorable dates), nicknames, names of animals, etc. In general, everything that a person from your environment may know about you. It is better if it is a random set of letters (in varying case), numbers and special characters. | Read also: How to Choose and Use Strong Passwords If you don’t want to bother inventing such a strong password, just use one of many online generators. And the newly created passwords can be stored in a special password manager (for example, such as this). If you want to change your account password right now, follow these steps: Sign into your Google account and open the homepage;Go to “Security” page and click “Password” in a Signing in to Google” block;Set a new password (you will need to enter the current password to confirm your identity first).   2. Turn the Two Factor Authentication On Gmail two factor authentication is the method, which requires the user not only to carry out the standard authentication procedure (with credentials) but also confirm their identity by entering the one-time code that is generated at their mobile phone by a special app – Google Authenticator or Protectimus Smart OTP. To enable the Gmail 2 factor authentication (2FA), follow these steps: Sign into your Google account and open the homepage;Go to “Security” page and click “2-Step Verification” in a Signing in to Google” block;   Click the “GET STARTED” button at the bottom of the page and enter the current password to confirm your identity;   Choose the desired 2-step verification option: SMS or phone call authentication. You can link your phone number to the Google account and use SMS or phone call authentication.Google Prompt. With Google Prompt you’ll need only to tap one button on your smartphone to sign in. Keep in mind that only those smartphones that are already connected to the same account can be chosen to receive Google Prompt messages.Security key. Security keys are hardware 2-step verification devices that support FIDO standards. Google offers 2 types of security keys – USB Security Key and Bluetooth Security Key. Google sells both devices in one bundle. You’ll need to buy the security key bundle for $50 first.Google Authenticator or another 2FA app. Google Authenticator is a two-factor authentication app where you...

read more

4 Reasons Two-Factor Authentication Isn’t a Panacea

Posted by on 19:07 in Engineering, R&D | 0 comments

4 Reasons Two-Factor Authentication Isn’t a Panacea

Two-factor authentication (2FA) is an indispensable cybersecurity measure used to protect data. Most of the modern information security standards despite the area of application such as PCI DSS, PSD2, HIPAA, etc., demand the multifactor authentication (MFA) among other data protection methods. This approach allows mitigating the danger coming from such attack vectors as brute force password cracking, keylogging, social engineering, phishing, and some kinds of man-in-the-middle attacks. Nevertheless, two-factor-authentication is not a cure-all solution by itself. This is just a single component in a major set of requirements for high-quality data protection. Taking care of data security means implementing a complex plan of actions. For example, this is clearly seen in the in the article 10 Steps to Eliminate Digital Security Risks in Fintech Project where we analyzed the components needed to protect payment gateways from cyber threats. In the current article, we’ll unveil all the weaknesses of two-factor authentication you have to keep in mind when strengthening your security infrastructure with MFA. And, of course, we’ll discuss all possible solutions to these weaknesses. 1. SMS authentication is not secure The US National Institute of Standards and Technology (NIST) recommended every company to abandon SMS authentication as insecure and no longer suitable strong authentication mechanism long ago. But many companies worldwide still opt for SMS to deliver the one-time passwords in their 2FA infrastructures. And it was only three months ago that Reddit has admitted this method to be not as effective and secure as the company was hoping. No doubt, SMS authentication is convenient for companies and users alike. But is this a reliable option? Unfortunately, no. Let us review the SMS authentication vulnerabilities. SIM-card Replacement In most cases, it wouldn’t be a hard task for a dedicated culprit to use a mobile operator’s SIM-card replacement service and intercept a victim’s number. The information needed for this fraud can be found in public sources or bought on the dark web. Network Protocol Vulnerabilities The next potential risk hides in the cellular protocols. And the fact that SMS exchange is not encrypted in any way. The security of SMS transport depends on the cellular network security. There is a number of vulnerabilities in consumer cellular networks as well as methods of exploiting them. Some of the most advanced ones do not even require costly hardware or specific skills. From this point of view, using SMS for security is rather dangerous. Moreover, if to take into account the fact that a usual SMS exchange is not encrypted in any way, an employee of a network center with a proper access can freely read all the messages. Not to mention all the possible ways to intercept the radio transmissions. Malware There are tons of fraudulent software aimed to steal the sensitive data. And mobile device trojans intercepting SMS messages are nothing new. Infection is immediate; the consequences are dire. Malware that ingrained itself into the gadget can play a variety of roles: Intercept the entered login credentials and one-time passwords as well; Track all the sent and received messages; Record the voice calls; Copy the SIM card parameters and contact information; Provide capabilities for remote control; Turn a device into a member of botnet or crypto-currency mining agent, etc. The tech-savvy attacker has nearly unlimited opportunities especially it concerns making use...

read more

Duo Security vs Protectimus

Posted by on 13:50 in Protectimus Products, R&D | 0 comments

Duo Security vs Protectimus

Recently, Cisco declared its intention to purchase Duo Security for US$2.35 billion. Naturally, this is an important event not only for Duo Security, but for the entire multi-factor authentication industry. A sale of this magnitude confirms that the demand for two-factor authentication is higher than ever before. This also shows that there is a demand for simpler, less expensive means of delivering one-time passwords, since Duo prominently advertises its rejection of hardware tokens in favor of 2FA apps, push notifications, and SMS messages (which are expensive and not secure). Protectimus fully supports Duo Security’s efforts to simplify and reduce the cost of OTP delivery, but we remain convinced that security must not be sacrificed in the process. For example, in order to hasten the move away from SMS authentication to more modern, reliable MFA technologies, we’ve figured out how to deliver one-time passwords using chatbots on messaging services. This is much more efficient, secure, and convenient than SMS. Hardware tokens are also among the products we offer, and they can be connected to practically any site: from Google, Facebook, Dropbox, and Slack to cryptocurrency exchanges like Bitfinex, Coinbase, Poloniex, and so on. In light of that, has Cisco made the right decision? Should they maybe have spent $2.35 billion on acquiring Protectimus instead? We’ve decided to compare the solutions from Duo and Protectimus to settle the matter objectively. DON’T LIKE LONG READS? FIND OUR CONCLUSIONS IN A COMPARISON TABLE AT THE END OF THE ARTICLE. 1. Server-side component Duo Security Duo is a cloud-based 2FA solution. The choice of the SaaS model is completely logical. It makes integration fast and reduces the cost of deploying, protecting, and maintaining an authentication server. This style of interaction is convenient and easy for the client and company alike. In addition, it’s a rather modern approach to strong authentication, so it fits well with Duo Security’s concept as a modern, innovative provider of revolutionary MFA solutions. Protectimus Protectimus two-factor authentication solution is available not only in cloud-based form but also as an on-premise platform. Often, we advise customers to choose the cloud-based service, since it’s convenient, fast, and modern. Clients connected to the Protectimus SaaS service don’t need to waste time and money on extra equipment, security measures, and sysadmin salaries — there’s no load balancing or other infrastructure issues to worry about. The result is rapid integration with minimal costs. However, some companies can’t make use of cloud-based services because of strict information security rules, either from within the company or imposed by the government. For these cases, we made it possible to purchase an on-premise platform that clients can install in their own environments, allowing them to retain full control of the authentication server. Both the on-premise platform and cloud-based service are available with a subscription. Lifetime licenses for the platform can also be purchased. You can find out more about the differences between the cloud-based service and the platform here. 2. Features Duo Security Note: Nearly all features examined in this section can be activated only with Duo’s most expensive payment plans, Access and Beyond. Self-service is also available in the Duo MFA basic plan. Duo offers a range of additional features to make administration easy and increase the level of resource access protection: User self-service. Geographic filters. Prohibiting access from...

read more
Share This