Blog Feed
Protectimus MFA Prices: How to Save with Coupons, Discounts, Referrals, and Subscriptions
Protectimus is a leading provider of two-factor authentication (2FA) solutions and makes it easy to secure your business and personal accounts with strong authentication. But how can you save money on Protectimus 2FA services and tokens? In this article, we will explore MFA prices and show you different ways to save money on Protectimus 2FA services and tokens, including free two-factor authentication plans, coupons, bulk discounts, referral programs, and annual subscriptions. We will also explain the pricing structure for each of these options so that you can make an informed decision when purchasing 2FA or MFA products from Protectimus.

Understanding Protectimus MFA Prices

Protectimus is a cloud-based Multi-Factor Authentication (MFA) platform that helps businesses protect their customer data and accounts with two-factor authentication. It offers a range of pricing plans to meet the needs of different organizations. Protectimus MFA pricing is based on the number of users, the type of authentication, and the number of transactions. The cost of each plan depends on these parameters and is calculated on a per-user basis. This makes it easy to manage costs as your business grows or changes over time. Furthermore, Protectimus also offers discounts for larger volumes, allowing customers to save money when they need more than one authentication solution.

MFA Prices for Cloud 2FA Service and On-Prem 2FA Platform

Protectimus offers a range of pricing options for its 2FA Cloud Service and On-premise MFA Platform, allowing customers to choose the plan that best suits their needs and budget. The Protectimus pricing structure is designed to be flexible and transparent, with no hidden fees or up-front costs. Even the free plan, which supports up to 10 users, has all features enabled. For larger organizations, there are several paid plans available, each offering a different level of support and functionality.

The Starter plan costs US$33 per month and includes support for one resource and up to 23 users. With the Business plan, priced at US$111 per month, customers can access additional features such as two resources, two filters, one additional administrator, and support for up to 77 users. For organizations with more complex needs, Protectimus offers a Custom plan starting from US$2 per user per month. This plan allows customers to connect any number of users, resources, administrators, and filters, with access to all of Protectimus’s features. The cost of the service depends on the number of users connected, with all additional features enabled by the customer charged separately.

For those who need an on-premise solution, Protectimus offers an On-Prem MFA Platform that can be purchased for a minimum price of US$199 for up to 99 users, with lifetime licenses also available.

Overall, Protectimus’s pricing structure is competitive, with a cost of support for a single user starting at around US$1.5 per month. Customers pay only for what they need, with no up-front costs, paid consultations, or authentication server maintenance costs (if they don’t need the on-premise platform). The cost per user is significantly lower than that offered by competitors, making Protectimus an affordable and reliable MFA solution. To learn more about Protectimus’s pricing options and features, visit their pricing page.

OTP Token Price Guide

Protectimus provides a range of hardware OTP tokens, which includes Protectimus Slim NFC, Protectimus Flex, Protectimus Two, and Protectimus...
TOTP Tokens for Electronic Visit Verification (EVV): How They Work
Protectimus offers an Electronic Visit Verification (EVV) system that uses the Time-Based One-Time Password (TOTP) generation algorithm to calculate the exact time of visits. The solution uses hardware TOTP tokens as EVV devices, providing a cost-effective and privacy-friendly alternative to traditional EVV methods like GPS tracking or video cameras.

In this article we’ll examine:

- what Electronic Visit Verification is;
- what EVV services are offered by the best-known players in the EVV market;
- how Protectimus TOTP tokens work for EVV systems;
- what the advantages of using the Protectimus EVV solution are;
- what companies already use TOTP tokens for Electronic Visit Verification;
- how to integrate Protectimus EVV devices into your EVV system and use them most optimally.

What Is Electronic Visit Verification (EVV)

Electronic Visit Verification (EVV) is a system that verifies the exact time, place, and duration of visits made by home care workers to patients. The purpose of EVV is to ensure that the services provided to patients are authorized and that patients are getting the right care at the right time. With the EVV system, it is easier to track, manage and verify the visits made by care workers, making it an essential part of home care services.

What Are the Most Common EVV Methods

There are several methods of implementing an EVV system, including:

- Mobile App-based EVV: This method involves using a mobile app that the provider can use to check in and check out at a client’s location. The app usually requires the provider to enter a unique code or use GPS to verify their location.
- Web-based EVV: This method involves using a web-based portal for providers to log their arrival and departure times. The portal can be accessed from any device with internet access and requires a username and password for authentication.
- Telephonic EVV: This method involves using a telephone system to verify the provider’s arrival and departure times. The provider dials a number and answers a series of questions to confirm their arrival and departure.
- Biometric EVV: This method uses biometric identification technologies, such as fingerprints or facial recognition, to verify the identity of the caregiver and confirm their arrival and departure times.
- Hardware token-based EVV: This method involves using a small device, known as a hardware TOTP token, that the provider or patient carries with them. The key-fob OTP token can be used to check in and check out at the client’s location and is usually connected to a system that verifies the provider’s arrival and departure times.

Each method of EVV has its advantages and disadvantages, and the best solution will depend on the needs and preferences of the patient and caregiver.

What Are the Best Known EVV Systems

There are several well-known players in the EVV market, offering various services and solutions. Some of the well-known players in the market are Vesta, HHAeXchange, Sandata EVV, Tellus EVV, and many others. These companies provide different EVV systems and services, but most of them rely on GPS tracking, video cameras, or other invasive methods to verify the visits, which can often lead to privacy concerns for the patients.

Vesta is a leading provider of EVV software and services. It offers a comprehensive solution for home care providers, including an easy-to-use EVV system and a secure portal for accessing and managing patient information. The EVV methods offered...
Office 365 MFA Hardware Token
In this article we show how to add the Microsoft Office 365 MFA hardware tokens Protectimus Slim and Protectimus Flex to your Office 365. You don’t need a premium license to connect these hardware OATH tokens to Office 365 accounts.

With over 31 million users worldwide, Microsoft Office 365 is unsurprisingly a bestseller among the productivity software subscription suites on the market. Its compatibility with the major operating systems (both mobile and desktop), the choice of available apps and the familiarity of the brand make Office 365 an obvious choice for a lot of businesses worldwide, from small companies to huge enterprises.

These very reasons and the popularity among businesses make it rather a big target for all kinds of greedy criminals. Being an online platform, with tons of sensitive corporate data stored in the cloud, Office 365 is low-hanging fruit for those hackers. Microsoft understands the vulnerability and supports Multi-Factor Authentication (MFA). The only bulletproof way of fully protecting your info on a cloud server is Office 365 2-factor authentication with a hardware token.

In this article, we will give you detailed instructions on setting up protection with a hardware multi-factor authentication token for Office 365 that can be connected without a premium license. For this task you will need a programmable hardware TOTP token, Protectimus Slim NFC or Protectimus Flex, that connects to any website like a 2FA authentication app. So we are also going to address the questions one might have about the Protectimus Slim NFC and Protectimus Flex hardware OTP tokens.

Office 365 MFA hardware token: Protectimus Slim or Flex

Azure AD offers a few standard ways to sign in using 2-factor authentication:

- You are offered a mobile app to generate time-based one-time passwords;
- The system can send you a text with a one-time passcode;
- You can choose a phone call to authorize the sign-in;
- And finally, the most bulletproof way: you can have the OTP generated by a Microsoft Office 365 MFA hardware token. Microsoft itself does not provide a hardware device, but the third-party tokens Protectimus Slim and Protectimus Flex are supported.

A programmable hardware token is essentially a more protected and trustworthy substitute for a mobile 2FA app. Protectimus Slim NFC and Protectimus Flex tokens are the most popular security tokens that work with Office 365. The tokens have no Internet connection, so there is absolutely no way your OTP passwords could be intercepted. Protectimus Slim and Protectimus Flex are reprogrammable, which means one device can be reassigned to a different resource over and over again. The programming goes via NFC (Near-field communication), which provides even greater defence.

Protectimus Flex differs from the Protectimus Slim Microsoft Office 365 MFA hardware token only in design. Protectimus Flex looks like a key fob, while Protectimus Slim looks like a plastic card in mini or bank-card format.

To protect your data with the Protectimus OATH hardware token for Office 365 MFA, you need an Office 365 subscription with 2-factor authentication turned on and an Android phone with NFC. A premium Azure license is not required.

How to add hardware token to Office 365 MFA

Setting up hardware...
Protectimus Customer Stories: 2FA for DXC Technology
DXC Technology is an international IT corporation that provides services in the field of IT consulting, maintenance of corporate IT equipment, cybersecurity, etc. It includes more than 70 companies from different countries with a staff of more than 130,000 employees. Protectimus provides two-factor authentication services to the Italian division of DXC Technology – Xchanging Italy.

"Protectimus was chosen because of their unique Dynamic Strong Password Authentication (DSPA) technology. Using this product, we added 2FA to all the systems we needed to protect in one fell swoop, as it allowed us to integrate two-factor authentication services straight with Active Directory. We have been using the Protectimus two-factor authentication platform for a year and are satisfied with this product and the level of support."
Mauro S., Information Technology principal engineer at Xchanging Italy a DXC Technology

Key tasks for implementing 2FA for Xchanging Italy a DXC Technology

Xchanging Italy, part of the DXC Technology group, uses Protectimus’ two-factor authentication solution to secure access to virtually all the enterprise software used by their staff. When choosing a two-factor authentication provider, DXC Technology’s IT engineers looked for a solution that would meet two criteria:

- it allowed them to protect access to all the services used by company employees for work;
- it was relatively easy to connect and configure, as DXC Technology’s IT department wanted to avoid the time-consuming process of integrating a two-factor authentication service with each piece of corporate software separately and installing additional 2FA software on workers’ computers.

Protectimus’ unique product, the Protectimus Dynamic Strong Password Authentication (DSPA) solution, meets both requirements. Protectimus DSPA integrates directly with Active Directory, turning user passwords stored in AD into dynamic two-factor passwords.

Such a dynamic two-factor auth password (for example, Pa$$code987654) consists of two parts: a standard password (Pa$$code) and a temporary TOTP password (987654). The temporary TOTP password changes constantly on a schedule set by the administrator; the time interval must be a multiple of 30 seconds. To receive a time-based one-time password, a user needs a TOTP token. Thus, Protectimus DSPA allows you to add two-factor authentication to all services connected to Active Directory at once. We will describe the Protectimus DSPA technology in more detail below.

Xchanging Italy a DXC Technology wanted to solve several challenges with 2FA

- To protect access to all the software used by company employees.
- To integrate two-factor authentication into Xchanging Italy corporate infrastructure quickly and efficiently.
- To deploy two-factor authentication servers in the DXC Technology environment so as not to transfer user information to a third party and ensure maximum protection and fault tolerance of the 2FA system.

The following Protectimus 2FA products were chosen to solve the above mentioned tasks

- Protectimus On-Premise 2FA Platform.
- Protectimus DSPA solution to integrate 2FA directly with Active Directory.
- 2FA application for generating one-time passwords Protectimus SMART OTP.
- Protectimus User Self-Service Portal, which allows the Xchanging Italy end users to issue OTP tokens themselves without admin involvement.

Challenges and Solutions

To protect access to all corporate software with two-factor authentication

The unique Protectimus DSPA technology is ideal for this task. The Protectimus two-factor authentication solution is integrated straight away with the user storage (in this case, Active Directory). Protectimus DSPA adds a dynamic part (TOTP one-time password) to the user passwords stored in Active Directory and turns them into dynamic two-factor authentication...
Protectimus Customer Stories: 2FA for SICIM
SICIM is a world leader in the engineering and construction of pipelines, pumping stations, industrial buildings and other facilities for the oil and gas sector.

"We started using Protectimus products in 2021. At the moment, my assessment of the company’s work is 10 out of 10. An important factor in choosing this two-factor authentication provider was the possibility of customizing the 2FA system for our project. We needed to secure two systems (Roundcube + Fortigate VPN Client) with one physical 2FA token for each user. After we got in touch with the Protectimus team and explained the task, they implemented the necessary functionality for us free of charge. They also helped us to integrate and set up the two-factor system the way we wanted. There were no problems or failures with the hardware tokens or the backend part so far. Everything works well."
Cristian G, System Administrator at SICIM

Key tasks for implementing 2FA for SICIM

SICIM uses the Protectimus 2-Factor Authentication (2FA) solution to secure access to corporate accounts when users log in using VPN. SICIM also uses two-factor authentication to protect access to the employees’ corporate email boxes.

It was important for SICIM to find a two-factor authentication provider who was ready to help with the 2FA integration and, if necessary, would customize the 2FA system to meet SICIM’s individual requirements.

Customizing Protectimus two-factor authentication products to the requirements of our clients is one of our specialties, so we did our best to meet SICIM’s interests and added the necessary functionality to the Protectimus Cloud 2FA Service. Let’s discuss the project for the implementation of two-factor authentication for SICIM in more detail.

SICIM wanted to solve several challenges with 2FA

- To protect access to corporate resources when users connect via VPN.
- To protect access to the employees’ Roundcube webmail accounts with 2FA.
- To connect hardware two-factor authentication tokens.
- To set up a two-factor authentication system so that employees can use the same hardware 2FA token both to log into their email and connect to the corporate account via VPN.

The following Protectimus 2FA products were chosen to solve the above mentioned tasks

- Protectimus Cloud Two-Factor Authentication Service;
- Protectimus RProxy component for integration with VPN client via RADIUS;
- Protectimus Roundcube component for integration with an email client;
- Programmable hardware OTP tokens Protectimus Flex;
- An additional feature has been introduced: the ability to create user aliases. This feature made it possible to use one token for authentication on two different resources.

Challenges and Solutions

To protect access to corporate SICIM resources when users connect via VPN (Fortigate VPN Client)

The Protectimus RADIUS 2FA component was used to integrate the Protectimus two-factor authentication solution with the Fortigate VPN Client. It allows you to connect the Protectimus 2FA service or on-premise platform to any device supporting the RADIUS authentication protocol. Documentation on integrating Protectimus 2FA over the RADIUS protocol is available here.

To protect access to the SICIM employees’ webmail accounts (Roundcube)

The Protectimus Roundcube 2FA component was used to integrate the Protectimus two-factor authentication solution with the Roundcube email client. This plugin helps to set up 2FA for the Roundcube webmail client in just 15 minutes. Integration instructions are available here.

To connect hardware OTP tokens

SICIM has chosen the most modern and reliable means...
Two-Factor Authentication in Online Gambling
Online gambling laws aim to ensure that gaming is conducted honestly, competitively, and without fraudulent practices. In this regard, the major iGaming regulatory authorities have always recommended that online gambling platforms enable two-factor authentication for their end-users.

Moreover, in January 2022, the use of two-factor authentication in iGaming became mandatory. The Divisions of Gaming Enforcement (DGE), including the New Jersey DGE, Delaware DGE, and Nevada Gaming Control Board, oblige iGaming platforms to enable two-factor authentication for their users.

According to the DGE Cyber Security Best Practices, this step is necessary to reduce the risks of identity fraud, payment fraud, and chargeback cases in iGaming, since more and more online gambling websites experience hacking through fraudulent account access.

The Protectimus two-factor authentication solution and OTP tokens are easy to integrate with any iGaming software using an API, SDK, or integration plugin. You can protect both the in-house infrastructure of your iGaming business and the end-users’ accounts with one MFA setup.

Below we explain how two-factor authentication works and what online risks it prevents, and describe all the nuances you need to consider before implementing two-factor authentication to secure your online gaming platform and users.

Table of contents

- How two-factor authentication works
- Why two-factor authentication is mandatory in online gambling
- How to add two-factor authentication into your online gaming platform
- Best practices for implementing 2-factor authentication in iGaming

How two-factor authentication works

In a nutshell, two-factor authentication is a process that allows users to prove that they are who they claim to be by presenting two different authentication factors.

There are three possible types of authentication factors:

- something the user knows – usually a password;
- something the user has – usually a one-time code from the OTP token;
- something the user is – usually a fingerprint or face ID.

Typically, a combination of a password (something the user knows) and a one-time code from the auth token or phone (something the user has) is used for 2-factor authentication.

Protectimus allows delivering one-time codes via chat-bots in Messenger or Telegram, SMS, or email. Two-factor authentication apps and hardware authentication tokens are also available. Read more about different two-factor authentication methods here.

Two-factor authentication is used in online gaming security to prevent phishing, social engineering, man-in-the-middle, and brute-force attacks. Even if a fraudster manages to get a user’s password, there is no sense in using it, as the user’s account remains protected with the one-time code valid for 30 seconds.

To check one-time passwords, a two-factor authentication server is used, which is integrated with the iGaming solution. The scheme of interaction between the authentication server and OTP tokens is presented below.

Why two-factor authentication is mandatory in online gambling

Since the popularity of online games began to skyrocket, attackers have focused their efforts on hacking poorly protected online gaming accounts. Credential stuffing attacks, phishing, brute force, keyloggers, and social engineering are used to get fraudulent access to the gamers’ accounts and then use them for different malevolent activities that vary from payment fraud and identity fraud to money laundering.

Online gambling websites collect a lot of personal information from their players to verify their identity remotely. Unfortunately, this is precisely the kind of information needed for identity theft. There isn’t much difference between establishing your identity through...
Hardware Tokens for Azure MFA
There are currently two ways to implement an Azure hardware token for Azure Multi-Factor Authentication:

- With classic OATH tokens for Azure MFA with hard-coded secret keys, such as Protectimus Two. To make use of one of these you’ll need an Azure AD Premium P1 or P2 license.
- With a programmable hardware token for Azure MFA, Protectimus Slim NFC or Protectimus Flex, which is a replacement for an authentication app from Microsoft. This Azure cloud MFA hardware token does not require a premium subscription account.

In this article, we will describe how to set up both types of hardware tokens for Azure token-based authentication. All three devices can be bought here.

Classic OATH hardware tokens for Azure MFA – how to set up

Currently, Azure AD supports tokens with passwords not longer than 128 characters and a password life-span of 30 or 60 seconds. Protectimus Two hardware OTP tokens fit these requirements. Once you choose and receive the Azure MFA OATH token you prefer, you need to register your token with Azure. Below is the step-by-step guide on this simple process:

Step 1. Prepare a CSV file that includes your UPN (user principal name), the serial number of the Azure MFA hardware token, the seed (secret key), the time interval, and the make and model of the Azure AD MFA hardware token. Make sure to include a header row, the result should look something like this:

Step 2. Once the CSV file is created and properly formatted, it has to be imported. Go to Azure Portal and browse to Azure Active Directory, then to Security and to Multi-Factor Authentication. On the MFA page choose OATH tokens and click the “Upload” button. Upload your CSV file; the upload process might take a few minutes.

Step 3. Click the “Refresh” button. If the CSV file was uploaded successfully, you will see a list of your Azure AD hardware tokens; if the file had an error, you will be notified on the same page: File uploaded successfully: File uploaded with errors:

Step 4. Now you need to activate your Azure multi-factor authentication hardware token. If you have multiple tokens, you should activate them one by one. Click the “Activate” button in the last column on the right and enter the password generated by the corresponding Azure MFA token. After that, click the “Verify” button.

Step 5. Once the MFA server accepts your one-time password, you will get a message confirming the activation of the Microsoft Azure token you selected from the list, and a check mark should appear in the corresponding “Activated” column. Now your token is successfully activated and can be used to log in.

Step 6. 2FA settings in the user account. OATH tokens will be automatically set as the main 2FA method.

NOTE! If any other 2-factor authentication method is registered for a user, they can use several two-factor authentication methods at once. For example, I activated the 2FA app Protectimus SMART as a 2FA method; in this case, one-time passwords from both the hardware token and the 2FA app will work when I enter any of them in this field:

If you want to use only a hardware OATH token for Azure 2-factor authentication, log in to your account and deactivate other two-factor authentication methods. Go to your account settings...
How to Backup Google Authenticator or Transfer It to a New Phone
Our regular readers know that we strongly recommend applying two-step verification wherever it’s possible. In the contemporary world, where database leaks are a standing affair, two-step authentication is not an option; it is, in fact, a must.

If you use two-factor verification, an intruder would need to get both the unique password you came up with and the gadget which produces the verification codes to break into your account. Thus, two-factor authentication protects from brute force, keyloggers, and most cases of phishing and social engineering. It also complicates man-in-the-middle and man-in-the-browser attacks.

So why is two-factor verification still unpopular? Sure, it creates an extra step to take to log in, but most users omit it not because of this extra time and effort, but because they are afraid of losing access to their credentials if something goes wrong with their authentication devices.

“As the world is increasingly interconnected, everyone shares the responsibility of securing cyberspace.” – Newton Lee, Counterterrorism and Cybersecurity: Total Information Awareness

From all the available options for one-time password generation or delivery (SMS, emails, hardware and software tokens), most people choose Google Authenticator or other similar applications like Authy, Protectimus Smart, etc. The operating principle is pretty much the same for all software OTP tokens: they generate authentication codes for logging into your account right on your smartphone.

It’s very convenient to use the smartphone for two-factor verification, but there are always these nagging questions:

- What do you do if you lose the smartphone which generates your one-time passwords?
- What happens if you switch smartphones: do you lose the entire account?
- How do you transfer Google Authenticator to a new phone?

In this article, we will answer these nagging questions and help you protect your invaluable personal data.

3 ways to backup Google Authenticator

1. Backup codes

Google, as well as some of the other websites where you can protect your user account with two-step authentication, provides backup codes. These are one-use codes that allow you to log in to your account if you lose access to your OTP token. After you use a backup code once, it’s gone for good. Most people print out these Google Authenticator backup codes and keep them at hand.

It is imperative to understand that Google Authenticator is a multi-token, thus you can enroll many tokens for various websites using one app. Some of these websites provide backup codes, and a user can gain access to these websites if his/her smartphone is lost. But what do you do with the websites which do not support backup codes?

Another point against Google Authenticator backup codes is that they are as secure as a password written down on paper. An intruder can easily copy them if they are in physical vicinity and use them to gain access to your account. Granted, the intruder will have to be among your peers and know the user password, but you know… things happen.

Other things that you might want to keep in mind when it comes to printed out backup codes:

- You do not have them at hand at all times
- You can lose the paper or destroy it by mistake
- Only a few services provide them

Google Authenticator backup codes...
Top 5 Two-Factor Authentication Products by Protectimus
Protectimus is one of the biggest and most reliable two-factor authentication providers. We’ve been developing cutting-edge 2FA solutions since 2014. Being a coordination member of the OATH Initiative for Open Authentication, Protectimus is one of the strongest voices in the propagation of ubiquitous strong authentication.

The main problem Protectimus works on is perfecting multi-factor auth solutions, to make 2FA easier, cheaper, and safer for everyone. All the products we will list below fulfill at least one of those goals.

Protectimus Winlogon

This is one of the best 2-factor authentication solutions for Windows user accounts and remote desktops currently on the market. The Protectimus Winlogon 2FA solution provides access protection for computers running Windows 7, 8, 8.1, 10 and 11. It will also protect local or remote access to a terminal Windows Server 2012, 2016, 2019, 2022 over RDP.

The most brilliant feature of Protectimus Winlogon is that it works even if the computer is not connected to the Internet. This is achieved with the help of backup codes.

Normally, the Protectimus Winlogon component communicates with the Protectimus two-factor authentication server to validate one-time passwords. A network connection is required for that, so if the user is unable to connect to the Internet, they can’t log in to their account. But with the backup feature, the user can generate and save a backup code when installing the component, and then use that code instead of a one-time password to log into the account in offline mode.

There are, of course, other features worth mentioning:

- Auto registration of users and tokens;
- Mass installation on several computers;
- Better RDP access (2FA can be switched off for Windows with one-time password asked for RDP only; one- or two-factor auth can be set up for RDP);
- RDP access filtering with IP and IP access control;
- Different access policies for RDP and Winlogon;
- PIN support in Windows 10;
- Microsoft account support.

Protectimus Winlogon setup does not require any special knowledge and can be done in about 15 minutes. The solution is perfect both for corporate and personal use.

Protectimus Slim NFC and Protectimus Flex

These are the first programmable tokens on the market. These hardware tokens are available in card form (Protectimus Slim NFC) and key fob form (Protectimus Flex).

Designed as a safer alternative to MFA applications, these devices can be used to protect almost any account, from Google and Office 365 to Azure MFA and the Protectimus 2FA system itself.

Programmable hardware tokens, unlike the classic ones, can have the seed programmed into the token by the end-user via NFC. These tokens work just like a multifactor authentication app, but each device can be used to protect one account at a time. They can also be reused, namely, disconnected from one account and connected to another.

As we’ve already mentioned, programmable hardware tokens are a much safer alternative to MFA apps. The one-time passwords for MFA are generated not on the users’ smartphones, but on the tokens. The tokens have no internet connection, so they cannot be infected by any viruses. Intercepting such a password is virtually impossible.

Both Protectimus Slim NFC and Protectimus Flex come with the time synchronisation feature. This allows us to avoid the time drift problem, the common issue with all TOTP hardware...
Adaptive Authentication or How to Make 2FA Convenient for Users
All of us are interested in keeping confidential data from becoming public on the web, especially from people who are looking for such information for fraudulent purposes. The effective methods to avoid the invasion of online privacy are already known, and one of the most accessible ways is protecting access to your accounts with two-factor authentication. But… unfortunately, people don’t always use this option if it’s not mandatory, simply because two-factor authentication is not convenient.

Adaptive authentication (or Intelligent Identification as we call it in Protectimus) is a way to organize two-factor authentication so that it becomes convenient for end-users. Adaptive authentication means analyzing behavioral factors typical for the user and asking for a one-time password only if a large number of mismatches is detected.

Why nobody likes two-factor authentication

Let’s imagine that every time you want to check what’s new on your Facebook account protected with 2FA, you have to go through a complete account login procedure:

- Enter your login and password.
- Then wait for an SMS with a one-time password or use your token to generate it.
- Then, you also need to enter this one-time password into the login form.

How much time will this procedure take? And all this is just to browse the news and messages from friends?

According to the NordPass research, an average Internet user has around 80 accounts protected with passwords. Of course, people are not ready to follow the procedure described above every time they want to enter their accounts on every website they use, especially if we talk about the services used many times a day, like social networks or email.

That is why users always choose between simplicity and security, and often not in favor of the latter. To make the authentication process more user-friendly, adaptive authentication has been invented: an authentication based on behavioral factors analysis.

What is adaptive authentication

The system of adaptive authentication keeps a record of certain parameters of the device a person uses to access their account. If the analysis of the behavioral factors shows the typical behavior of the user, the login is automatic. If one or more of them violate the usual course of events, an additional confirmation of the user’s identity is requested. In the case of two-factor authentication, the user is required to enter a one-time password.

For example, let’s recall what happens when you log into your Gmail account. If you use the same device and the same browser, you don’t need to enter your credentials every time you check the mail. But when you try to log in to Gmail from another computer or another browser on the same device, the system will necessarily require entering your password. Sometimes you will also need to answer a secret question or use your OTP token if two-factor authentication is enabled. Google will even send a message about a suspicious sign-in attempt.

The basis of adaptive authentication consists of behavioral characteristics relatively constant for each user. Among the parameters monitored by the system can be the following:

- name and version of the browser;
- the list of installed plug-ins;
- IP address, location of the computer;
- the input language;
- typical session time, a list of opened tabs and other behavioral characteristics of...