Blog Feed

Office 365 MFA Hardware Token

Posted by on 10:14 in Protectimus Products, Setup Guides | 5 comments

In this article we show how to add a Microsoft Office 365 MFA hardware token, Protectimus Slim or Protectimus Flex, to your Office 365 account. You don’t need a premium license to connect these hardware OATH tokens to Office 365 accounts.

With over 31 million users worldwide, Microsoft Office 365 is unsurprisingly a bestseller among the productivity software subscription suites on the market. Its compatibility with the major operating systems (both mobile and desktop), the choice of available apps and the familiarity of the brand make Office 365 an obvious choice for a lot of businesses worldwide, from small companies to huge enterprises. These same reasons, and its popularity among businesses, make it a big target for all kinds of greedy criminals. Being an online platform with tons of sensitive corporate data stored in the cloud, Office 365 is low-hanging fruit for those hackers.

Microsoft understands the vulnerability and supports Multi-Factor Authentication (MFA). The only bulletproof way of fully protecting your info on a cloud server is Office 365 2-factor authentication with a hardware token. In this article, we will give you detailed instructions on setting up protection with a hardware multi-factor authentication token for Office 365 that can be connected without a premium license. For this task you will need a programmable hardware TOTP token, Protectimus Slim NFC or Protectimus Flex, that connects to any website like a 2FA authentication app. So we are also going to address the questions one might have about the Protectimus Slim NFC and Protectimus Flex hardware OTP tokens.

Office 365 MFA hardware token: Protectimus Slim or Flex

Azure AD offers a few standard ways to sign in using 2-factor authentication:

- You are offered a mobile app to generate time-based one-time passwords;
- The system can send you a text with a one-time passcode;
- You can choose a phone call to authorize the sign-in;
- And finally, the most bulletproof way: you can have the OTP generated by a Microsoft Office 365 MFA hardware token. Microsoft itself does not provide a hardware device, but the third-party tools Protectimus Slim and Protectimus Flex are supported.

A programmable hardware token is essentially a more protected and trustworthy substitute for a mobile 2FA app. Protectimus Slim NFC and Protectimus Flex tokens are the most popular security tokens that work with Office 365. The tools have no Internet connection, so there is absolutely no way your OTP passwords could be intercepted. Protectimus Slim and Protectimus Flex are reprogrammable, which means one device can be reassigned to a different resource over and over again. The programming goes via NFC (Near-field communication), which provides even greater defence.

Protectimus Flex differs from the Protectimus Slim Microsoft Office 365 MFA hardware token only in design. Protectimus Flex looks like a key fob, while Protectimus Slim looks like a plastic card in a mini or banking-card size format.

To protect your data with the Protectimus OATH hardware token for Office 365 MFA, you need an Office 365 subscription with 2-factor authentication turned on and an NFC-enabled Android phone. A premium Azure license is not required.

How to add hardware token to Office 365 MFA

Setting up hardware...

Protectimus Customer Stories: 2FA for DXC Technology

Posted by on 02:38 in Protectimus Products | 0 comments

DXC Technology is an international IT corporation that provides services in the field of IT consulting, maintenance of corporate IT equipment, cybersecurity, etc. It includes more than 70 companies from different countries with a staff of more than 130,000 employees. Protectimus provides two-factor authentication services to the Italian division of DXC Technology – Xchanging Italy.

Protectimus was chosen because of their unique Dynamic Strong Password Authentication (DSPA) technology. Using this product, we added 2FA to all the systems we needed to protect in one fell swoop, as it allowed us to integrate two-factor authentication services straight with Active Directory. We have been using the Protectimus two-factor authentication platform for a year and are satisfied with this product and the level of support.

Mauro S., Information Technology principal engineer at Xchanging Italy a DXC Technology

Key tasks for implementing 2FA for Xchanging Italy a DXC Technology

Xchanging Italy, part of the DXC Technology group, uses Protectimus’ two-factor authentication solution to secure access to virtually all the enterprise software used by their staff. When choosing a two-factor authentication provider, DXC Technology’s IT engineers looked for a solution that would meet two criteria:

- it allowed them to protect access to all the services used by company employees for work;
- it was relatively easy to connect and configure, as DXC Technology’s IT department wanted to avoid the time-consuming process of integrating a two-factor authentication service with each piece of corporate software separately and installing additional 2FA software on workers’ computers.

Protectimus’ unique product, the Protectimus Dynamic Strong Password Authentication (DSPA) solution, meets both requirements. Protectimus DSPA integrates directly with Active Directory, turning user passwords stored in AD into dynamic two-factor passwords.

Such a dynamic two-factor auth password (for example, Pa$$code987654) consists of two parts: a standard password (Pa$$code) and a temporary TOTP password (987654). The temporary TOTP password changes constantly according to the schedule set by the administrator; the time interval must be a multiple of 30 seconds. To receive a time-based one-time password, a user needs a TOTP token. Thus, Protectimus DSPA allows you to add two-factor authentication to all services connected to Active Directory at once. We will describe the Protectimus DSPA technology in more detail below.

Xchanging Italy a DXC Technology wanted to solve several challenges with 2FA

- To protect access to all the software used by company employees.
- To integrate two-factor authentication into Xchanging Italy corporate infrastructure quickly and efficiently.
- To deploy two-factor authentication servers in the DXC Technology environment so as not to transfer user information to a third party and ensure maximum protection and fault tolerance of the 2FA system.

The following Protectimus 2FA products were chosen to solve the above mentioned tasks

- Protectimus On-Premise 2FA Platform.
- Protectimus DSPA solution to integrate 2FA directly with Active Directory.
- 2FA application for generating one-time passwords Protectimus SMART OTP.
- Protectimus User Self-Service Portal, which allows the Xchanging Italy end users to issue OTP tokens themselves without admin involvement.

Challenges and Solutions

To protect access to all corporate software with two-factor authentication

The unique Protectimus DSPA technology is ideal for this task. The Protectimus two-factor authentication solution is integrated straight away with the user storage (in this case, Active Directory). Protectimus DSPA adds a dynamic part (TOTP one-time password) to the user passwords stored in Active Directory and turns them into dynamic two-factor authentication...

Protectimus Customer Stories: 2FA for SICIM

Posted by on 16:05 in Protectimus Products | 0 comments

SICIM is a world leader in the engineering and construction of pipelines, pumping stations, industrial buildings and other facilities for the oil and gas sector.

We started using Protectimus products in 2021. At the moment, my assessment of the company’s work is 10 out of 10. An important factor in choosing this two-factor authentication provider was the possibility of customizing the 2FA system for our project. We needed to secure two systems (Roundcube + Fortigate VPN Client) with one physical 2FA token for each user. After we got in touch with the Protectimus team and explained the task, they implemented the necessary functionality for us free of charge. They also helped us to integrate and set up the two-factor system the way we wanted. There were no problems or failures with the hardware tokens or the backend part so far. Everything works well.

Cristian G, System Administrator at SICIM

Key tasks for implementing 2FA for SICIM

SICIM uses the Protectimus 2-Factor Authentication (2FA) solution to secure access to corporate accounts when users log in using VPN. SICIM also uses two-factor authentication to protect access to the employees’ corporate email boxes.

It was important for SICIM to find a two-factor authentication provider who is ready to help with the 2FA integration and, if necessary, will customize the 2FA system to respond to the individual requirements of SICIM. Customization of Protectimus two-factor authentication products to the requirements of our clients is one of our profiles, so we did our best to meet SICIM’s interests and added the necessary functionality to the Protectimus Cloud 2FA Service. Let’s discuss the project for the implementation of two-factor authentication for SICIM in more detail.

SICIM wanted to solve several challenges with 2FA

- To protect access to corporate resources when users connect via VPN.
- To protect access to the employees’ Roundcube webmail accounts with 2FA.
- To connect hardware two-factor authentication tokens.
- To set up a two-factor authentication system so that employees can use the same hardware 2FA token both to log into their email and connect to the corporate account via VPN.

The following Protectimus 2FA products were chosen to solve the above mentioned tasks

- Protectimus Cloud Two-Factor Authentication Service;
- Protectimus RProxy component for integration with VPN client via RADIUS;
- Protectimus Roundcube component for integration with an email client;
- Programmable hardware OTP tokens Protectimus Flex;
- An additional feature has been introduced – the ability to create user aliases. This feature made it possible to use one token for authentication on two different resources.

Challenges and Solutions

To protect access to corporate SICIM resources when users connect via VPN (Fortigate VPN Client)

The Protectimus RADIUS 2FA component was used to integrate the Protectimus two-factor authentication solution with the Fortigate VPN Client. It allows you to connect the Protectimus 2FA service or on-premise platform to any device supporting the RADIUS authentication protocol. Documentation on integrating Protectimus 2FA over the RADIUS protocol is available here.

To protect access to the SICIM employees’ webmail accounts (Roundcube)

The Protectimus Roundcube 2FA component was used to integrate the Protectimus two-factor authentication solution with the Roundcube email client. This plugin helps to set up 2FA for the Roundcube webmail client in just 15 minutes. Integration instructions are available here.

To connect hardware OTP tokens

SICIM has chosen the most modern and reliable means...

Two-Factor Authentication in Online Gambling

Posted by on 14:29 in R&D | 0 comments

Online gambling laws aim to ensure that gaming is conducted honestly, competitively, and without fraudulent practices. In this regard, the major iGaming regulatory authorities have always recommended that online gambling platforms enable two-factor authentication for their end-users. Moreover, in January 2022, the use of two-factor authentication in iGaming became mandatory. The Divisions of Gaming Enforcement (DGE), including the New Jersey DGE, Delaware DGE, and Nevada Gaming Control Board, oblige iGaming platforms to enable two-factor authentication for their users.

According to the DGE Cyber Security Best Practices, this step is necessary to reduce the risks of identity fraud, payment fraud, and chargeback cases in iGaming, since more and more online gambling websites experience hacking through fraudulent account access.

The Protectimus two-factor authentication solution and OTP tokens are easy to integrate with any iGaming software using an API, SDK, or integration plugin. You can protect both the in-house infrastructure of your iGaming business and the end-users’ accounts with one MFA setup.

Two-Factor Authentication Solutions for iGaming Platforms

Below we explain how two-factor authentication works and what online risks it prevents, and describe all the nuances you need to consider before implementing two-factor authentication to secure your online gaming platform and users.

How two-factor authentication works

In a nutshell, two-factor authentication is a process that allows users to prove that they are who they claim to be by presenting two different authentication factors.

There are three possible types of authentication factors:

- something the user knows – usually a password;
- something the user has – usually a one-time code from the OTP token;
- something the user is – usually a fingerprint or face ID.

Typically, a combination of a password (something the user knows) and a one-time code from the auth token or phone (something the user has) is used for 2-factor authentication. Protectimus allows delivering one-time codes via chat-bots in Messenger or Telegram, SMS, and email. Two-factor authentication apps and hardware authentication tokens are also available. Read more about different two-factor authentication methods here.

Two-factor authentication is used in online gaming security to prevent phishing, social engineering, man-in-the-middle, and brute-force attacks. Even if a fraudster manages to get a user’s password, there is no sense in using it, as the user’s account remains protected with the one-time code valid for 30 seconds.

To check one-time passwords, a two-factor authentication server is used, which is integrated with the iGaming solution. The scheme of interaction between the authentication server and OTP tokens is presented below.

Why two-factor authentication is mandatory in online gambling

Since the popularity of online games began to skyrocket, attackers have focused their efforts on hacking poorly protected online gaming accounts. Credential stuffing attacks, phishing, brute force, keyloggers, and social engineering are used to get fraudulent access to the gamers’ accounts and then use them for different malevolent activities that vary from payment fraud and identity fraud to money laundering.

Online gambling websites collect a lot of personal information from their players to verify their identity remotely. Unfortunately, this is precisely the kind of information needed for identity theft. There isn’t much difference between establishing your identity through...

Hardware Tokens for Azure MFA

Posted by on 11:09 in Protectimus Products, Setup Guides | 1 comment

There are currently two ways to implement an Azure hardware token for Azure Multi-Factor Authentication:

- With classic OATH tokens for Azure MFA with hard-coded secret keys, such as Protectimus Two. To make use of one of these you’ll need an Azure AD Premium P1 or P2 license.
- With a programmable hardware token for Azure MFA, Protectimus Slim NFC or Protectimus Flex, which is a replacement for an authentication app from Microsoft. This Azure cloud MFA hardware token does not require a premium subscription account.

In this article, we will describe how to set up both types of hardware tokens for Azure token-based authentication. All three devices can be bought here.

Classic OATH hardware tokens for Azure MFA – how to set up

Currently, Azure AD supports tokens with passwords not longer than 128 characters and a password life-span of 30 and 60 seconds. Protectimus Two hardware OTP tokens fit these requirements.

Once you choose and receive the Azure MFA OATH token you prefer, you need to register your token with Azure. Below is the step-by-step guide to this simple process:

Step 1. Prepare a CSV file that includes your UPN (user principal name), the serial number of the Azure MFA hardware token, the seed (secret key), time interval, make and model of the Azure AD MFA hardware token. Make sure to include a header row, the result should look something like this:

Step 2. Once the CSV file is created and properly formatted, it has to be imported. Go to Azure Portal and browse to Azure Active Directory, then to Security and to Multi-Factor Authentication. On the MFA page choose OATH tokens and click the “Upload” button. Upload your CSV file; the upload process might take a few minutes.

Step 3. Click the “Refresh” button. If the CSV file was uploaded successfully, you will see a list of your Azure AD hardware tokens; if the file had an error, you will be notified on the same page:

File uploaded successfully:

File uploaded with errors:

Step 4. Now you need to activate your Azure multi-factor authentication hardware token. If you have multiple tokens, you should activate them one by one. Click the “Activate” button in the last column on the right and enter the password generated by the corresponding Azure MFA token. After that, click the “Verify” button.

Step 5. Once the MFA server accepts your one-time password, you will get a message confirming the activation of the Microsoft Azure token you selected from the list, and a check mark should appear in the corresponding “Activated” column. Now your token is successfully activated and can be used to log in.

Step 6. 2FA settings in the user account. OATH tokens will be automatically set as the main 2FA method.

NOTE! If any other 2-factor authentication method is registered for a user, they can use several two-factor authentication methods at once. For example, I activated the 2FA app Protectimus SMART as a 2FA method; in this case, one-time passwords from both the hardware token and the 2FA app will work when I enter either of them in this field:

If you want to use only a hardware OATH token for Azure 2-factor authentication, log in to your account and deactivate other two-factor authentication methods. Go to your account settings...

How to Backup Google Authenticator or Transfer It to a New Phone

Posted by on 11:59 in Engineering, R&D | 58 comments

Our regular readers know that we strongly recommend applying two-step verification wherever it’s possible. In the contemporary world, where database leaks are a standing affair, two-step authentication is not an option; it is, in fact, a must.

If you use two-factor verification, an intruder would need to get both the unique password you came up with and the gadget which produces the verification codes to break into your account. Thus, two-factor authentication protects from brute force, keyloggers, and most cases of phishing and social engineering. It also complicates man-in-the-middle and man-in-the-browser attacks.

So why is two-factor verification still unpopular? Sure, it creates an extra step to take to log in, but most users omit it not because of this extra time and effort, but because they are afraid of losing access to their credentials if something goes wrong with their authentication devices.

“As the world is increasingly interconnected, everyone shares the responsibility of securing cyberspace.” – Newton Lee, Counterterrorism and Cybersecurity: Total Information Awareness

Of all the available options for one-time password generation or delivery (SMS, emails, hardware and software tokens), most people choose Google Authenticator or other similar applications like Authy, Protectimus Smart etc. The operating principle is pretty much the same for all software OTP tokens: they generate authentication codes for logging into your account right on your smartphone.

It’s very convenient to use the smartphone for two-factor verification, but there are always these nagging questions:

- What do you do if you lose the smartphone which generates your one-time passwords?
- What occurs if you switch smartphones, do you lose the entire account?
- How do you transfer Google Authenticator to a new phone?

In this article, we will answer these nagging questions and help you protect your invaluable personal data.

3 ways to backup Google Authenticator

1. Backup codes

Google, as well as some of the other websites where you can protect your user account with two-step authentication, provides backup codes. These are one-use codes that allow you to log in to your account if you lose access to your OTP token. After you use a backup code once, it’s gone for good. Most people print out these Google Authenticator backup codes and keep them at hand.

It is imperative to understand that Google Authenticator is a multi-token, thus you can enroll many tokens for various websites using one app. Some of these websites provide backup codes, and a user can gain access to these websites if his/her smartphone is lost. But what do you do with the websites which do not support backup codes?

Another point against Google Authenticator backup codes is that they are as secure as a password written down on paper. An intruder can easily copy them if they are in physical vicinity and use them to gain access to your account. Granted, the intruder will have to be among your peers and know the user password, but you know… things happen.

Other things that you might want to keep in mind when it comes to printed out backup codes:

- You do not have them at hand at all times
- You can lose the paper or destroy it by mistake
- Only a few services provide them

Google Authenticator backup codes...

Top 5 Two-Factor Authentication Products by Protectimus

Posted by on 14:55 in Protectimus Products | 0 comments

Protectimus is one of the biggest and most reliable two-factor authentication providers. We’ve been developing cutting-edge 2FA solutions since 2014. Being a coordination member of the OATH Initiative for Open Authentication, Protectimus is one of the strongest voices in the propagation of ubiquitous strong authentication.

The main problem Protectimus works on is perfecting multi-factor auth solutions, to make 2FA easier, cheaper, and safer for everyone. All the products we will list below fulfill at least one of those goals.

Protectimus Winlogon

This is one of the best 2-factor authentication solutions for Windows user accounts and remote desktops currently on the market. The Protectimus Winlogon 2FA solution provides access protection for computers running Windows 7, 8, 8.1, 10 and 11. It will also protect local or remote access to a terminal Windows Server 2012, 2016, 2019, 2022 over RDP.

The most brilliant feature of Protectimus Winlogon is that it works even if the computer is not connected to the Internet. This is achieved with the help of backup codes.

Normally, the Protectimus Winlogon component communicates with the Protectimus two-factor authentication server to validate one-time passwords. A network connection is required for that, so if the user is unable to connect to the Internet, they can’t log in to their account. But with the backup feature, the user can generate and save a backup code when installing the component, and then use that code instead of a one-time password to log into the account in offline mode.

There are, of course, other features worth mentioning:

- Auto registration of users and tokens;
- Mass installation on several computers;
- Better RDP access (2FA can be switched off for Windows with one-time password asked for RDP only; one- or two-factor auth can be set up for RDP);
- RDP access filtering with IP and IP access control;
- Different access policies for RDP and Winlogon;
- PIN support in Windows 10;
- Microsoft account support.

Protectimus Winlogon setup does not require any special knowledge and can be done in about 15 minutes. The solution is perfect both for corporate and personal use.

Protectimus Slim NFC and Protectimus Flex

These are the first programmable tokens on the market. These hardware tokens are available in card form (Protectimus Slim NFC) and key fob form (Protectimus Flex). Designed as a safer alternative to MFA applications, these devices can be used to protect almost any account, from Google and Office 365 to Azure MFA and the Protectimus 2FA system itself.

Programmable hardware tokens, unlike the classic ones, can have the seed programmed into the token by the end-user via NFC. These tokens work just like a multifactor authentication app, but each device can be used to protect one account at a time. They can also be reused, namely, disconnected from one account and connected to another.

As we’ve already mentioned, programmable hardware tokens are a much safer alternative to MFA apps. The one-time passwords for MFA are generated not on the users’ smartphones, but on the tokens. The tokens have no internet connection, so they cannot be infected by any viruses. Intercepting such a password is virtually impossible.

Both Protectimus Slim NFC and Protectimus Flex come with the time synchronisation feature. This allows us to avoid the time drift problem, the common issue with all TOTP hardware...

Adaptive Authentication or How to Make 2FA Convenient for Users

Posted by on 16:00 in Engineering, Protectimus Products | 1 comment

All of us are interested in protecting confidential data from becoming public on the web, especially from people who are looking for such information for fraudulent purposes. Effective methods of avoiding the invasion of online privacy are already known, and one of the most accessible is protecting access to your accounts with two-factor authentication. But… unfortunately, people don’t always use this option if it’s not mandatory, simply because two-factor authentication is not convenient.

Adaptive authentication (or Intelligent Identification as we call it in Protectimus) is a way to organize two-factor authentication so that it becomes convenient for end-users. Adaptive authentication means analyzing behavioral factors typical for the user and asking for a one-time password only if a large number of mismatches is detected.

Why nobody likes two-factor authentication

Let’s imagine that every time you want to check what’s new on your Facebook account protected with 2FA, you have to go through a complete account login procedure:

- Enter your login and password.
- Then wait for an SMS with a one-time password or use your token to generate it.
- Then, you also need to enter this one-time password into the login form.

How much time will this procedure take? And all this is just to browse the news and messages from friends?

According to the NordPass research, an average Internet user has around 80 accounts protected with passwords. Of course, people are not ready to follow the procedure described above every time they want to enter their accounts on every website they use, especially if we talk about the services used many times a day, like social networks or email. That is why users always choose between simplicity and security, and often not in favor of the latter.

To make the authentication process more user-friendly, adaptive authentication has been invented: an authentication based on behavioral factors analysis.

What is adaptive authentication

The system of adaptive authentication keeps a record of certain parameters of the device a person uses to access their account. If the analysis of the behavioral factors shows the typical behavior of the user, the login is automatic. And if one or more of them violate the usual ‘course of events’, a request for additional confirmation of the user’s identity is needed. In the case of two-factor authentication, it is required to enter a one-time password.

For example, let’s recall what happens when you log into your Gmail account. If you use the same device and the same browser, you don’t need to enter your credentials every time you check the mail. But when you try to log in to Gmail from another computer or another browser on the same device, the system will necessarily require entering your password. Sometimes you will also need to answer a secret question or use your OTP token if two-factor authentication is enabled. Google will even send a message about a suspicious sign-in attempt.

The basis of adaptive authentication consists of behavioral characteristics relatively constant for each user. Among the parameters monitored by the system can be the following:

- name and version of the browser;
- the list of installed plug-ins;
- IP address, location of the computer;
- the input language;
- typical session time, a list of opened tabs and other behavioral characteristics of...

How to Enable Protectimus Self-Service Portal

Posted by on 11:26 in Protectimus Products, Setup Guides | 0 comments

The Protectimus two-factor authentication service and on-premise platform offer a self-service feature that allows users to independently perform a number of actions related to issuing and managing their OTP tokens and their own data. The system administrator determines which actions are available to users. The list of possible actions includes:

- registration of new tokens;
- registration of existing tokens;
- re-assigning the tokens;
- unassigning the tokens;
- tokens synchronization;
- PIN setup;
- removing PIN;
- creating passwords;
- changing passwords;
- changing email addresses;
- changing contact phone numbers;
- changing logins;
- changing first names and last names;
- managing user environment.

In this article, we’ll show you how to enable the Protectimus Self-Service Portal. No matter which type of authentication server you choose, the Protectimus SAAS Service or the Protectimus On-premise Two-Factor Authentication Platform, the process of enabling the self-service portal is the same.

Important to Know Before Enabling the MFA Self-Service Portal

The self-service portal must be enabled and configured separately for each resource. Users must be assigned to an appropriate resource in order to have access to the self-service portal.

Users must additionally have a password in the Protectimus system or an email address on record. A verification code will be sent to the registered email address to allow users to log into the portal. If a user has both a password and a registered email address, that user will use the password to log in. After a token is issued for a user and assigned to a resource, the user will also be asked to input a password from the token when logging in.

You can specify a password, email address, and other information when creating a user. You can also edit existing user records. To edit a user’s information, find them in the list of users and click the user’s login. After doing so, you’ll be taken to the page for viewing the user’s detailed information. Next, navigate to the Actions tab and click the Edit button. Make any necessary changes and save them.

Some add-on components, such as Protectimus RProxy, can automatically create users that are preconfigured to use the self-service portal. For example, this occurs when RProxy is set up for Citrix NetScaler Gateway.

Enabling the Protectimus Self-Service Feature

Navigate to the Self-Service tab

To enable the self-service feature, open the resource detailed information page by clicking its name in the resource list. Then, navigate to the Self-Service tab.

Specify the address at which users will access the portal

When you click the link labeled “Enable User’s Self-Service for This Resource,” a window will appear where you can specify the address at which users will access the portal, as shown below. Enter just the final portion of the address, the portal alias, in the field. The full address to the portal will be the authentication server address plus the alias you specified. For example, if you’re using the Protectimus SaaS service, and you specify “portal” as the alias, the link you give to your users will look like this:

https://service.protectimus.com/selfservice/portal

If you are running your own instance of the authentication platform on your own premises, the “service.protectimus.com” portion of the address will be replaced with the address to your platform instance. For example:

https://localhost:8080/selfservice/portal

Set up the list of actions available to users in the self-service portal

After clicking Save, you’ll see the list of actions available to your...

5 Steps to Prepare your Business for Multifactor Authentication

Posted by on 19:12 in R&D | 0 comments

MFA is usually viewed as a sensible thing to have, and indeed, sometimes your partners or regulators can request that you set multifactor authentication up before you can start operating at full capacity. Well, let’s dive into the main specifics of it!

So, you are weighing all the pros and cons of implementing MFA in your business. And naturally, you are leaning towards making the best use of it. Setting multi-factor authentication up can be a daunting task, and we’re here to cover all you’d ever need to know about it.

What Is MFA and How It Improves Your Business Security

Let us first define what multifactor authentication is in general terms, and how it can help you to protect your business.

MFA adds additional protection layers to any authentication attempt your employees and users make to sign in to their accounts. Multifactor authentication is a combination of two or more different authentication factors that your trusted users would use to access their accounts:

- Knowledge-based, aka passwords and secret questions. Most of the data on the Internet is protected by passwords and choosing a good password can be a challenging task in itself. Learn how to choose a strong password that is easy to remember here.
- Inherence-based, aka biometrics. This one can include fingerprints, voice recognition, and other biometric data.
- Possession-based, aka additional stuff that you (and only you) might have. It’s usually a small device that generates one-time passwords (an OTP token), a phone, or, for example, a banking card.

Also, some additional authentication factors can be used over and above the classic three:

- Location-based, aka IP verification or geographic filters. It tries to utilize information about the proximity of a device and/or its user to other devices that are usually used in the authentication. One particular example here would be checking the network the authentication attempt comes from and comparing its parameters to some trusted value.
- Action-based, aka adding a requirement for a user to participate in some sort of distinct activity. For example, filling out a CAPTCHA.

As you see, multifactor authentication can be a very versatile tool. Which MFA solution and which types of authenticators you choose will depend on the needs of your particular business, which come down to some very particular things, such as:

- the number of your employees;
- their degree of personal compliance and responsibility;
- the laws of the country that your office is stationed in;
- the sensitivity of the data you utilize;
- the type of service you provide for your clients, and the possibility of THEM losing any of their data when interacting with your business;
- any sort of certifications that your line of work might demand (such as PCI DSS for finances or HIPAA if you work in healthcare).

So, before setting up any solution you must have this information prepared and organized.

And there is always an important thing to keep in mind: MFA can protect your data from malicious actors, but it won’t protect it against destructive negligence. As it asks more involvement from its users, they tend to do ever less. You must efficiently balance asking and delivering: your chosen solution must be secure enough to do its job, and unobtrusive enough to keep...
