Blog Feed
Active Directory Two-Factor Authentication
It is hard to manage multiple users and systems, especially when there are not even hundreds, but thousands of them in a network. That’s why businesses and organizations love Microsoft Active Directory. It allows for storing and managing all the information on the organization’s systems, users, their credentials, sites and whatever else you might think of in a network, in one place. But you must agree that this much of fundamentally important information kept in one place makes Active Directory a tidbit for hackers. And simple password-username verification is far from sufficient to protect it all from attacks. This is why multifactor authentication is especially crucial for Active Directory security. Dynamic Strong Password Authentication (DSPA) solution from Protectimus has it well-cowered for you and your users. Adding the second layer of security to all systems and services attached to Active Directory in one go has never been easier. In this article, we will describe in detail how our two-factor authentication solution for Active Directory works, why ours is the easiest approach to Active Directory MFA, which methods of MFA can be used with it and how to get it running. We will also provide answers to the most asked questions on our solution for the Active Directory multi-factor authentication. Download component for Active Directory 2FA How it works Protectimus Dynamic Strong Password Authentication (DSPA) operates via direct Active Directory integration, it simply adds a 6-digit dynamic password to the static user password. These 6 symbols are essentially a one-time time-sensitive pass code that is generated with the TOTP algorithm. This one-time password (OTP) is constantly changing. As a result of the ingenious integration, to get into a Microsoft AD attached account the user needs to enter a combined pass of this configuration — u$erp@ssword123456, the u$erp@ssword part here is the never-changing password devised by the user, admin, or generated by the system itself and the 123456 part is a dynamic OTP generated by Protectimus MFA token. The company’s Active Directory server administrator can set the time-step, in which the OTP is changed, to 30 seconds or more (for example, for 600 seconds). So the DSPA part (those 6 digits OTPs) of the user passwords constantly change according to the timeline determined by the admin. Besides, teams of users can be made to be, or not be subject to the DSPA element in their static passwords; making the two-factor authentication AD required for the most valuable accounts only. | Read also: Two-factor authentication for Windows 7, 8, 10 Advantages of this approach to AD 2-factor authentication 1. Advanced Active Directory security Every regular 2-factor verification arrangement adds the second layer to the endpoints only. As a result, the hackers have a window to bypass 2FA and call the user directory up straightforward. Active Directory domain is easily called up through the Windows command prompt, so the hacker simply needs a user’s credentials (login and password) to act maliciously under their name and no Active Directory 2-factor authentication will be there to stop him. Two-factor authentication Active Directory solution from Protectimus allows to enable the complete system protection and ensure no-one can get into AD without the additional dynamic OTP. 2. Ease of use and maintenance for AD administrators Another issue that our solution for Active Directory two-factor authentication easily fixes...
read moreProtectimus SHARK: A TOTP Token Empowered by SHA-256 Algorithm
Introducing Protectimus SHARK, a cutting-edge hardware TOTP token that supports the SHA-256 hashing algorithm. With Protectimus SHARK, you get a reliable authentication device that generates one-time passwords with unmatched security. Unlike older OTP tokens that used SHA-1, Protectimus SHARK takes a step ahead with the more up-to-date and secure SHA-256 hashing algorithm. This advanced token authentication solution creates an impenetrable barrier against unauthorized access and cyber threats, making it a vital part of a strong 2FA strategy. In this article, we’ll explore the unique advantages of Protectimus SHARK as a TOTP token with SHA-256 algorithm support. Discover its exceptional features and benefits that set it apart from other authentication methods. Learn how Protectimus SHARK enhances the security of your online accounts and data, ensuring a safer and more reliable authentication experience. Buy TOTP token Protectimus SHARK 1. Understanding TOTP Tokens and Hashing Algorithms Two-factor authentication (2FA) has emerged as a powerful defense mechanism to fortify traditional password-based security. At the core of 2FA lies Time-based One-Time Password (TOTP) tokens, which play a crucial role in generating time-sensitive one-time passwords for enhanced security. TOTP tokens serve as a second factor of authentication, providing an additional layer of protection beyond traditional passwords. These small, portable devices generate unique one-time passwords that are valid for a short period, typically 30 or 60 seconds. The dynamic nature of TOTP tokens adds a time-based element, making it extremely difficult for attackers to predict or reuse passwords, even if they manage to intercept them. To ensure the integrity and security of TOTP tokens, robust hashing algorithms come into play. Hashing algorithms are mathematical functions that convert sensitive data, such as shared secrets and current time, into fixed-length hash values. One of the most critical components of TOTP token generation is the choice of a hashing algorithm, as it directly impacts the strength and security of the one-time passwords generated. Use an online TOTP token generator to see how the TOTP algorithm works. Among the various hashing algorithms, SHA-256 stands out as a widely adopted and highly secure choice for TOTP token generation. SHA-256, a member of the SHA-2 family, produces a 256-bit hash value, making it substantially stronger than its predecessor, SHA-1, which generates a 160-bit hash value. This increased hash size significantly expands the potential hash space, making it exceedingly difficult for attackers to reverse-engineer or guess the original input based on the output hash. Compared to the SHA1 hashing algorithm commonly used in TOTP tokens, SHA-256 offers a higher level of cryptographic protection. SHA-1 has been found to possess vulnerabilities, which could potentially compromise the security of TOTP tokens. Therefore, the adoption of SHA-256 in TOTP token generation is crucial to stay ahead of emerging security threats. In the following sections, we will explore the advantages of Protectimus SHARK, a cutting-edge TOTP hardware token with SHA-256 support, and how it elevates the security of online accounts and data in a rapidly evolving digital world. | Read also: Time Drift in TOTP Hardware Tokens Explained and Solved 2. Introducing Protectimus SHARK TOTP Token Protectimus SHARK is a cutting-edge TOTP hardware token that takes two-factor authentication (2FA) to a whole new level. Designed with the latest security measures in mind, Protectimus SHARK stands out with its robust support for the SHA-256 hashing algorithm, making it...
read moreThe Advantages of SHA-256 over SHA-1 for TOTP Token Security
In the realm of TOTP token security, the choice of hash algorithm plays a crucial role. Two popular contenders, SHA-256 and SHA-1, stand apart in terms of their advantages and impact on overall security. In this article, we will delve into the advantages offered by SHA-256 over SHA-1, shedding light on its robustness, compatibility, and resistance to vulnerabilities. By understanding the nuances of these hashing algorithms, you can make informed decisions to enhance the security of your TOTP tokens. Let’s explore the merits of SHA-256 and why it outshines SHA-1 in the realm of TOTP token security. Order SHA-256 TOTP Token Protectimus SHARK 1. Understanding TOTP Tokens and Hashing Algorithms TOTP tokens serve as an additional layer of protection, providing a unique and time-sensitive password for each login attempt. TOTP, or Time-Based One-Time Password, is a mechanism that generates one-time passwords valid for a short period – 30 or 60 seconds. The process of generating TOTP passcodes involves the utilization of a hashing algorithm, such as SHA-1 or SHA-256, to convert a shared secret and the current time into a unique one-time password. This shared secret is typically known to both the server and the user’s device, ensuring that both parties can independently generate the same OTP at any given moment. The time-based element is crucial to the security of TOTP tokens. Both the server and the user’s device must be in sync regarding time. The OTP is valid only for a short window of time, usually 30 seconds, after which it becomes invalid and useless for any future login attempts. This time factor introduces an additional level of complexity for potential attackers trying to predict or brute-force the correct OTP. To fully grasp how TOTP tokens work, it’s essential to delve into the underlying hashing algorithms SHA-1 and SHA-256. But what is a hash? What Is Hash? A hash function takes an input (or ‘message’) and converts it into a fixed-length string of characters, typically a sequence of numbers and letters. This output is commonly referred to as the hash value or hash code. The critical characteristic of a hashing algorithm is that it is a one-way process, meaning that it is computationally infeasible to reverse-engineer the original input from the hash value. This property ensures that sensitive data, such as passwords and TOTP secrets, remains well protected. It’s important to understand the difference between encryption and hashing. While encryption involves transforming data into ciphertext that can be reversed using a specific key, hashing irreversibly transforms data into a fixed-size string of characters (hash). Hash functions like SHA-1 and SHA-256 generate unique hash values that are practically impossible to reverse-engineer, ensuring the security of TOTP tokens. The importance of secure TOTP token generation cannot be overstated. It safeguards sensitive information, strengthens authentication mechanisms, and bolsters the overall security posture of systems implementing 2FA. By adopting robust hashing algorithms like SHA-256, organizations can enhance their defenses against potential threats, providing users with a more secure and reliable authentication experience. See How TOTP Algorithm Works Using TOTP Token Generator 2. Vulnerabilities and Risks of SHA-1 in TOTP Token Systems SHA1, once considered a secure hashing algorithm, has been found to possess several vulnerabilities when used in TOTP token systems. These weaknesses can pose certain security risks, compromising the integrity of...
read moreGoogle Authenticator vs Protectimus SMART: Which Authenticator App with Cloud Backup is Best for Your Security Needs
In the age of digital security, the importance of protecting your online accounts using an authenticator app cannot be overstated. Two-factor authentication (2FA) has emerged as a reliable way to add an extra layer of security to your accounts. Two of the most popular 2FA apps in the market, Protectimus SMART and Google Authenticator, have recently released updates that include a cloud backup feature. This new feature enables users to store their 2FA tokens securely in the cloud and access them on different devices. But which app is better suited for your security needs? In this article, we’ll compare Protectimus SMART and Google Authenticator, with a focus on their cloud backup feature, to help you decide which free authenticator app is right for you. Protectimus SMART Google Authenticator First and Foremost: Cloud Backup Feature Comparison Cloud backup is an important feature of two-factor authentication apps that allows users to backup their authentication tokens to the cloud and restore them on other devices. This feature is especially useful in case a user loses or replaces their device, as it eliminates the need to set up new 2FA tokens from scratch. Both Protectimus SMART and Google Authenticator apps offer cloud backup, but there are differences in the implementation of the feature. Cloud Backup in Google Authenticator Google Authenticator app offers cloud backup through synchronization with the user’s Google account, but without end-to-end encryption. This means that the data is not as secure as it is with Protectimus SMART and is potentially vulnerable to hacking. Cloud Backup in Protectimus SMART Authenticator App In Protectimus SMART MFA app, the cloud backup feature is based on end-to-end encryption, which ensures that the backup data is securely stored and transmitted. Also, in Protectimus SMART authenticator app, the user has the option to download their backup data into an encrypted file, which can then be stored in any secure place of their choosing. While the data is not stored directly in the cloud, this provides an extra layer of security and control for the user. They can choose to keep the encrypted backup file in a safe physical location or upload it to their own cloud storage account for added convenience. This feature is not available in Google Authenticator, as it only offers direct cloud syncing without the option to download and store the backup data elsewhere. Overall, while both mobile authenticators Protectimus SMART and Google Authenticator offer cloud backup, Protectimus SMART’s implementation is more secure and offers additional features to protect the user’s data. | Read also: The Pros and Cons of Different Two-Factor Authentication Types and Methods Protectimus SMART Authenticator App: Features and Functionality The Protectimus SMART authenticator offers a range of features that make it a top contender in the 2FA apps market. One of its key advantages is the encrypted cloud backup feature, which ensures that your 2FA codes are safely stored in the cloud and can be easily accessed on different devices. The MFA app also allows for the transfer of tokens to a new phone, as well as the import of tokens from Google Authenticator. It offers PIN and biometric authentication protection through Touch ID and Face ID, and supports all OATH one-time password generation algorithms (HOTP, TOTP, and OCRA). Additionally, the Protcetimus SMART authenticator app provides the ability to receive...
read moreAuthenticator App Protectimus SMART Updated – Now With Encrypted Cloud Backup
Protectimus SMART OTP is a multi-factor authenticator app that has recently been updated with several new features, including an encrypted cloud backup. This feature allows users to securely store their authentication data in the cloud, making it easier to access and manage their accounts from any device. Additionally, the app now offers the ability to: transfer tokens to a new phone;import tokens from Google Authenticator;customize tokens with emojis and descriptions;supports PIN and biometric authentication protection;supports delivery of two-factor push notifications;supports Confirm What You See data signature function for better control over fund operations. With all of these features, Protectimus SMART has become one of the best authenticator apps on the market today, and it remains free to use, making it an ideal solution for those seeking a reliable and secure authenticator app. We will go through all the new features of the Protectimus SMART OTP app and explain how they can help you keep your online accounts secure. So keep reading to learn how Protectimus SMART OTP can enhance your online security! Free 2FA authenticator with cloud backup Protectimus SMART OTP What Is Authenticator App Multi-factor authentication (MFA) apps are a great way to add an extra layer of security to your online accounts. MFA apps generate one-time codes that can be used in addition to a username and password for logging into websites or applications. This additional layer of security makes it much harder for hackers to gain access to your accounts, as they would need both the correct username and password, as well as the code generated by the authenticator app. The best authenticator app will provide features such as secure backup and sync functionality, PIN protection and biometric login options, a user-friendly interface for easy 2FA token generation and management, support for various platforms including iOS and Android, and compatibility with various websites and services. A free authenticator app Protectimus SMART OTP supports all these features and even more. Encrypted Cloud Backup for Added Security The encrypted cloud backup feature in the Protectimus SMART OTP authenticator app update allows users to backup their 2FA authentication data on the cloud in an encrypted format. This means that even if the user’s device is lost or stolen, they can easily recover their authentication data and transfer it to a new device. The feature uses advanced encryption algorithms to ensure that the backup data is secure and cannot be accessed by unauthorized users. Benefits of using the encrypted cloud backup: Easy data recovery: With the encrypted cloud backup feature, the software 2FA authenticator users can easily recover their authentication data in case their device is lost, stolen, or damaged. They can simply restore their data on a new device and continue to use their 2FA enabled accounts without any hassle.Secure data storage: The encrypted cloud backup feature uses advanced encryption algorithms to secure the user’s authentication data. This ensures that the data cannot be accessed by unauthorized users and is safe from hacking attempts.Convenient data transfer: If a user wants to switch to a new device, they can easily transfer their authentication data from the cloud backup to the new device. This eliminates the need to manually transfer the data, which can be time-consuming and prone to errors.Reduces dependency on a single device: By using the encrypted cloud backup...
read moreProtectimus MFA Prices: How to Save with Coupons, Discounts, Referrals, and Subscriptions
Protectimus is a leading provider of two-factor authentication (2FA) solutions and makes it easy to secure your business and personal accounts with strong authentication. But how can you save money on Protectimus 2FA services and tokens? In this article, we will explore MFA prices and show you different ways to save money on Protectimus 2FA services and tokens including using free two factor authentication plans, coupons, bulk discounts, referral programs, and annual subscriptions. We will also explain the pricing structure for each of these options so that you can make an informed decision when purchasing 2FA or MFA products from Protectimus. Understanding Protectimus MFA Prices Protectimus is a cloud-based Multi-Factor Authentication (MFA) platform that helps businesses protect their customer data and accounts with two-factor authentication. It offers a range of pricing plans to meet the needs of different organizations. The pricing for Protectimus MFA rates is based on the number of users, the type of authentication, and the number of transactions. The cost for each plan depends on these parameters and is calculated on a per user basis. This makes it easy to manage costs as your business grows or changes over time. Furthermore, Protectimus also offers discounts for larger volumes, allowing customers to save money when they need more than one authentication solution. MFA Prices for Cloud 2FA Service and On-Prem 2FA Platform Protectimus offers a range of pricing options for its 2FA Cloud Service and On-premise MFA Platform, allowing customers to choose the plan that best suits their needs and budget. The Protectimus pricing structure is designed to be flexible and transparent, with no hidden fees or up-front costs. Customers can enjoy all features even with the free plan, which supports up to 10 users, with all features enabled. For larger organizations, there are several paid plans available, each offering a different level of support and functionality. The Starter plan costs US$33 per month and includes support for one resource and up to 23 users. With the Business plan, priced at US$111 per month, customers can access additional features such as two resources, two filters, one additional administrator, and support for up to 77 users. Protectimus offers a Custom plan starting from US$2 per month, per user for organizations with more complex needs. This plan allows customers to connect any number of users, resources, administrators, and filters, with access to all of Protectimus’s features. The cost of the service depends on the number of users connected, with all additional features enabled by the customer charged separately. For those who need an on-premise solution, Protectimus offers an On-Prem MFA Platform that can be purchased for a minimum price of US$199 for up to 99 users, with lifetime licenses also available. Overall, Protectimus’s pricing structure is competitive, with a cost of support for a single user starting at around US$1.5 per month. Customers pay only for what they need, with no up-front costs, paid consultations, or authentication server maintenance costs (if they don’t need the on-premise platform). The cost per user is significantly lower than that offered by competitors, making Protectimus an affordable and reliable MFA solution. To learn more about Protectimus’s pricing options and features, visit their pricing page. OTP Token Price Guide Protectimus provides a range of hardware OTP tokens, which includes Protectimus Slim NFC, Protectimus Flex, Protectimus Two, and Protectimus...
read moreTOTP Tokens for Electronic Visit Verification (EVV): How They Work
Protectimus offers an Electronic Visit Verification (EVV) system that uses Time-Based One-Time Password (TOTP) generation algorithm for calculating the exact time of visits. The solution uses hardware TOTP tokens as EVV devices, providing a cost-effective and privacy-friendly alternative to traditional EVV methods like GPS tracking or video cameras. Learn more about Protectimus EVV In this article we’ll examine: what is Electronic Visit Verification;what EVV services are offered by the best-known players in the EVV market;how Protectimus TOTP tokens work for EVV systems;what are the advantages of using the Protectimus EVV solution;what companies already use TOTP tokens for Electronic Visit Verificationhow to integrate Protectimus EVV devices into your EVV system and use them most optimally. What Is Electronic Visit Verification (EVV) Electronic Visit Verification (EVV) is a system that verifies the exact time, place, and duration of visits made by home care workers to patients. The purpose of EVV is to ensure that the services provided to patients are authorized and that patients are getting the right care at the right time. With the EVV system, it is easier to track, manage and verify the visits made by care workers, making it an essential part of home care services. What Are the Most Common EVV Methods Here are several methods of implementing an EVV system, including: Mobile App-based EVV: This method involves using a mobile app that the provider can use to check-in and check-out at a client’s location. The app usually requires the provider to enter a unique code or use GPS to verify their location.Web-based EVV: This method involves using a web-based portal for providers to log their arrival and departure times. The portal can be accessed from any device with internet access and requires a username and password for authentication.Telephonic EVV: This method involves using a telephone system to verify the provider’s arrival and departure times. The provider dials a number and answers a series of questions to confirm their arrival and departure.Biometric EVV: This method uses biometric identification technologies, such as fingerprints or facial recognition, to verify the identity of the caregiver and confirm their arrival and departure times.Hardware token-based EVV: This method involves using a small device, known as an hardware TOTP token, that the provider or patient carries with them. The key-fob OTP token can be used to check-in and check-out at the client’s location and is usually connected to a system that verifies the provider’s arrival and departure times. Each method of EVV has its advantages and disadvantages, and the best solution will depend on the needs and preferences of the patient and caregiver. | Read also: TOTP Algorithm Explained What Are the Best Known EVV Systems There are several well-known players in the EVV market, offering various services and solutions. Some of the well-known players in the market are Vesta, HHAeXchange, Sandata EVV, Tellus EVV, and many others. These companies provide different EVV systems and services, but most of them rely on GPS tracking, video cameras, or other invasive methods to verify the visits, which can often lead to privacy concerns for the patients. Vesta: Is a leading provider of EVV software and services. It offers a comprehensive solution for home care providers, including an easy-to-use EVV system and a secure portal for accessing and managing patient information. The EVV methods offered...
read moreOffice 365 MFA Hardware Token
In this article we show how to add a Microsoft Office 365 MFA hardware token Protectimus Slim and Protectimus Flex to your Office 365. You don’t need a premium license to connect these hardware OATH tokens to Office 365 accounts. With over 31 million users worldwide Microsoft Office 365 is unsurprisingly a bestseller among the productivity software subscription suits on the market. Its compatibility with the major operating systems (both mobile and desktop), the choice of available apps and the familiarity of the brand make Office 365 an obvious choice for a lot of businesses worldwide, from small companies to huge enterprises. These very reasons and the popularity among businesses make it rather a big target for all kinds of greedy criminals. Being an online platform, with tons of sensitive corporate data stored in the cloud, Office 365 is a low hanging fruit for those hackers. Microsoft understands the vulnerability and supports Multi-Factor Authentication (MFA). The only bulletproof way of fully protecting your info on a cloud server is Office 365 2 factor authentication with a hardware token. In this article, we will give you the detailed instructions on setting up protection with hardware multi-factor authentication token for Office 365 that can be connected without a premium license. For this task you will need a programmable hardware TOTP token Protectimus Slim NFC or Protectimus Flex that connects to any website like a 2FA authentication app. So we are also going to address the questions one might have on Protectimus Slim NFC and Protectimus Flex hardware OTP tokens. Buy hardware token for Office 365 Office 365 MFA hardware token: Protectimus Slim or Flex Azure AD offers a few standard ways to sign in using 2-factor authentication: You are offered a mobile app to generate time-based one-time passwords; The system can send you a text with a one-time passcode; You can choose a phone-call to authorize the sign in; And finally, the most bulletproof way – you can have OTP generated by Microsoft Office 365 MFA hardware token, now, Microsoft itself does not provide a hardware device, but third-party tools Protectimus Slim and Protectimus Flex are supported. Protectimus Flex Protectimus Slim A programmable hardware token is essentially a more protected and trustworthy substitution for a mobile 2FA app. Protectimus Slim NFC and Protectimus Flex tokens are the most popular security tokens that work with Office 365. The tools have no Internet connection, so there is absolutely no way your OTP passwords could be intercepted. Protectimus Slim and Protectimus Flex are reprogrammable, this means one device can be reassigned to a different resource over and over again. The programming goes via NFC (Near-field communication) which provides even greater defence. Protectimus Flex differs from Protectimus Slim Microsoft Office 365 MFA hardware token only in design. Protectimus Flex looks like a key fob, while Protectimus Slim looks like a plastic card of a mini or a banking size card format. To protect your data with the Protectimus OATH hardware token for Office 365 MFA you need to own an Office 365 subscription with 2-factor authentication on and an NFC Android phone. A premium Azure license is not required. | Read also: The Pros and Cons of Different Two-Factor Authentication Types and Methods How to add hardware token to Office 365 MFA Setting up hardware...
read moreProtectimus Customer Stories: 2FA for DXC Technology
DXC Technology — is an international IT corporation that provides services in the field of IT consulting, maintenance of corporate IT equipment, cybersecurity, etc. It includes more than 70 companies from different countries with a staff of more than 130,000 employees. Protectimus provides two-factor authentication services to the Italian division of DXC Technology – Xchanging Italy. Protectimus was chosen because of their unique Dynamic Strong Password Authentication (DSPA) technology. Using this product, we added 2FA to all the systems we needed to protect in one fell swoop, as it allowed us to integrate two-factor authentication services straight with Active Directory. We have been using the Protectimus two-factor authentication platform for a year and are satisfied with this product and the level of support. Mauro S., Information Technology principle engineer at Xchanging Italy a DXC Technology Key tasks for implementing 2FA for Xchanging Italy a DXC Technology Xchanging Italy, part of the DXC Technology group, uses Protectimus’ two-factor authentication solution to secure access to virtually all the enterprise software used by their staff. When choosing a two-factor authentication provider, DXC Technology’s IT engineers looked for a solution that would meet two criteria: allowed them to protect access to all the services used by company employees for work; was relatively easy to connect and configure, as DXC Technology’s IT department wanted to avoid the time-consuming process of integrating two-factor authentication service with each corporate software separately and installing additional 2FA software on workers’ computers. The Protectimus’ unique product, the Protectimus Dynamic Strong Password Authentication (DSPA) solution, meets both requirements. Protectimus DSPA integrates directly with Active Directory, turning user passwords stored in AD into dynamic two-factor passwords. Such a dynamic two-factor auth password (for example, Pa$$code987654) consists of two parts: a standard password (Pa$$code) and a temporary TOTP password (987654). Temporary TOTP password is constantly changing according to the schedule set by the administrator, a time interval must be a multiple of 30 seconds. To receive a time-based one-time password, a user needs a TOTP token. Thus, Protectimus DSPA allows you to add two-factor authentication to all services connected to Active Directory at once. We will describe the Protectimus DSPA technology in more detail below. Xchanging Italy a DXC Technology wanted to solve several challenges with 2FA To protect access to all the software used by company employees. To integrate two-factor authentication into Xchanging Italy corporate infrastructure quickly and efficiently. To deploy two-factor authentication servers in the DXC Technology environment so as not to transfer user information to a third party and ensure maximum protection and fault tolerance of the 2FA system. The following Protectimus 2FA products were chosen to solve the above mentioned tasks Protectimus On-Premise 2FA Platform. Protectimus DSPA solution to integrate 2FA directly with Active Directory. 2FA application for generating one-time passwords Protectimus SMART OTP. Protectimus User Self-Service Portal, which allows the Xchanging Italy end users to issue OTP tokens themselves without admin involvement. Challenges and Solutions To protect access to all corporate software with two-factor authentication The unique Protectimus DSPA technology is ideal for this task. The Protectimus two-factor authentication solution is integrated straight away with the user storage (in this case, Active Directory). Protectimus DSPA adds a dynamic part (TOTP one-time password) to the user passwords stored in Active Directory and turns them into dynamic two-factor authentication...
read moreProtectimus Customer Stories: 2FA for SICIM
SICIM is a world leader in the engineering and construction of pipelines, pumping stations, industrial buildings and other facilities for the oil and gas sector We started using Protectimus products in 2021. At the moment, my assessment of the company’s work is 10 out of 10. An important factor in choosing this two-factor authentication provider was the possibility of customizing the 2FA system for our project. We needed to secure two systems (Roundcube + Fortigate VPN Client) with one physical 2FA token for each user. After we got in touch with the Protectimus team and explained the task, they implemented the necessary functionality for us free of charge. They also helped us to integrate and set up the two-factor system the way we wanted. There were no problems or failures with the hardware tokens or the backend part so far. Everything works well. Cristian G, System Administrator at SICIM Key tasks for implementing 2FA for SICIM SICIM uses the Protectimus 2-Factor Authentication (2FA) solution to secure access to corporate accounts when users log in using VPN. Also, SICIM uses two-factor authentication to protect access to the employees’ corporate email boxes. It was important for SICIM to find a two-factor authentication provider who is ready to help with the 2FA integration and, if necessary, will customize the 2FA system to respond to the individual requirements of SICIM. Customization of Protectimus two-factor authentication products to the requirements of our clients is one of our profiles, so we made our best to meet SICIM’s interests and added the necessary functionality to the Protectimus Cloud 2FA Service. Let’s discuss the project for the implementation of two-factor authentication for SICIM in more detail. SICIM wanted to solve several challenges with 2FA To protect access to corporate resources when users connect via VPN. To protect access to the employees’ Roundcube webmail accounts with 2FA. To connect hardware two-factor authentication tokens. To set up a two-factor authentication system so that employees can use the same hardware 2FA token both to log into their email and connect to the corporate account via VPN. The following Protectimus 2FA products were chosen to solve the above mentioned tasks Protectimus Cloud Two-Factor Authentication Service; Protectimus RProxy component for integration with VPN client via RADIUS; Protectimus Rouncube component for integration with an email client; Programmable hardware OTP tokens Protectimus Flex; An additional feature has been introduced – the ability to create user aliases. This feature made it possible to use one token for authentication on two different resources. Challenges and Solutions To protect access to corporate SICIM resources when users connect via VPN (Fortigate VPN Client) The Protectimus RADIUS 2FA component was used to integrate the Protectimus two-factor authentication solution with the Fortigate VPN Client. It allows you to connect the Protectimus 2FA service or on-premise platform to any device supporting the RADIUS authentication protocol. Documentation on integrating Protectimus 2FA over the RADIUS protocol is available here. To protect access to the SICIM employees’ webmail accounts (Roundcube) The Protectimus Roundcube 2FA component was used to integrate the Protectimus two-factor authentication solution with the Roundcube email client. This plugin helps to set up a 2FA for Roundcube webmail client in just 15 minutes. Integration instructions are available here. To connect hardware OTP tokens SICIM has chosen the most modern and reliable means...
read more