Early in 2016, the news cycle was dominated by Apple’s and others’ use of encryption and the legal ramifications of government agencies not being able to bypass it. Similarly, it appears the big tech story of 2017 will be multi-factor authentication. The 2016 election cycle was dominated by the hacking of email and social media accounts. The full scope and impact of this has yet to be seen, but it makes one thing perfectly clear: you need to enable multi-factor authentication wherever you can.
Multi-factor authentication is a login method where the user must present two or more independent “factors” to gain access to a system. The factors are:
- Something you know (a password or PIN; the user ID itself is not a secret)
- Something you have (usually a hardware token, or a software token on a mobile device)
- Something you are (a fingerprint, retina scan or other biometric)
The tried-and-true user ID and password combination is the epitome of “single-factor authentication.” Even with longer and more complex passwords, single-factor authentication is being defeated almost daily through phishing, password reuse across breached sites and credential-stuffing attacks; once a password has been captured, its length and complexity no longer matter.
Many service providers have adopted “two-step verification,” where a code is sent via SMS or email, as a stopgap measure. While better than a bare user ID and password, it is not true multi-factor authentication: the code is delivered to a phone number or mailbox that is itself protected only by the carrier or by another password, so it is more like “multi single-factor authentication.” This form of authentication also has vulnerabilities of its own. SMS codes can be intercepted through SIM-swap fraud or weaknesses in the carrier signalling network, email codes are only as safe as the mailbox they land in, and both can be phished in real time by a site that simply relays the code.
The current gold standard for multi-factor authentication is a user ID and password combined with a token that generates a one-time password (OTP). The OTP is a short, time-sensitive code that the token rotates every 30 to 60 seconds; the server derives the same code from a shared secret and the current time, tolerates only a small amount of clock skew, and should refuse to accept a code a second time. This method has proven much more difficult to bypass, although a code can still be phished if the user types it into a fake login page and the attacker relays it within the validity window, so it must be paired with user awareness and, where possible, phishing-resistant tokens.
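To make the OTP mechanism concrete, here is an added example (not code from SAASPASS, FortiToken or this article) implementing HOTP (RFC 4226) and TOTP (RFC 6238), the algorithms behind most soft tokens, together with the server-side check the paragraph describes: a small skew window plus a stored high-water counter so an intercepted code cannot be replayed. The secret `DEMO_SECRET` is the published RFC test-vector key (constructed for the demo, never use it in production); the function names, the `last_counter` argument and the choice of a one-step window on either side are this example's own.

```python
"""Minimal HOTP/TOTP (RFC 4226 / RFC 6238) with a replay-safe verifier.

Added example; not code from SAASPASS, FortiToken or the original post.
Names such as verify_totp and last_counter are this example's own choices.
"""
import base64
import hashlib
import hmac
import struct
import time
import urllib.parse

# Constructed demo secret: the RFC 4226 / RFC 6238 test-vector key (ASCII).
DEMO_SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=6, algo=hashlib.sha1):
    """HOTP (RFC 4226): HMAC the 8-byte big-endian counter, then dynamically truncate."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects a 4-byte window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, at=None, step=30, digits=6, algo=hashlib.sha1):
    """TOTP (RFC 6238): HOTP whose counter is the number of `step`-second periods since the epoch."""
    if at is None:
        at = int(time.time())
    return hotp(secret, at // step, digits, algo)


def verify_totp(secret, code, at, last_counter, window=1, step=30, digits=6):
    """Check `code` against the current time step and its +/-`window` neighbours.

    `last_counter` is the highest counter already accepted for this account
    (persist it server-side). Any counter <= last_counter is rejected, so a
    captured code cannot be replayed even inside its validity window.
    Returns (accepted, counter_to_store).
    """
    if len(code) != digits or not code.isdigit():
        return False, last_counter
    current = at // step
    accepted = None
    for offset in range(-window, window + 1):
        counter = current + offset
        if counter <= last_counter:  # already used, or older than the last accepted code
            continue
        # Constant-time compare; keep looping so timing does not reveal which slot matched.
        if hmac.compare_digest(hotp(secret, counter, digits), code) and accepted is None:
            accepted = counter
    if accepted is None:
        return False, last_counter
    return True, accepted


def provisioning_uri(secret, account, issuer):
    """otpauth:// URI (the QR-code payload) that enrols the secret in an authenticator app."""
    b32 = base64.b32encode(secret).decode("ascii").rstrip("=")
    label = urllib.parse.quote(f"{issuer}:{account}")
    query = urllib.parse.urlencode(
        {"secret": b32, "issuer": issuer, "algorithm": "SHA1", "digits": 6, "period": 30}
    )
    return f"otpauth://totp/{label}?{query}"


if __name__ == "__main__":
    print("HOTP counter 0 :", hotp(DEMO_SECRET, 0))              # 755224 (RFC 4226 vector)
    print("TOTP at t=59   :", totp(DEMO_SECRET, 59, digits=8))   # 94287082 (RFC 6238 vector)
    print(provisioning_uri(DEMO_SECRET, "alice@example.com", "ExampleCorp"))
    code = totp(DEMO_SECRET, 89)
    ok, ctr = verify_totp(DEMO_SECRET, code, at=89, last_counter=0)
    print("first use:", ok, ctr)
    print("replay   :", verify_totp(DEMO_SECRET, code, at=89, last_counter=ctr))
```

The verifier accepts the previous and next 30-second step to absorb clock drift between the phone and the server, which is why the stored counter matters: without it the same code would be valid for up to 90 seconds and could be reused by anyone who captured it. The outputs for the demo secret match the published RFC test vectors, which is the quickest way to confirm an OTP implementation against a real authenticator app.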
While protecting your personal banking and social media accounts is important, multi-factor authentication in the enterprise is just as important. Thanks to recent advances, enabling it in the enterprise is easier than you think. Securing web applications is one thing, but the desktop and laptop logon is often overlooked. My favorite for this is SAASPASS.
SAASPASS is a software-as-a-service offering for enterprise multi-factor authentication. Its list of supported cloud applications is impressive. More importantly, you can integrate SAASPASS with Active Directory and secure your desktop logons. The vendor’s distinguishing claim over the competition is that it keeps working while both the token and the protected computer are offline, which matters for laptops that must be unlocked away from the corporate network. The SAASPASS app is available free for iPhone and Android.
If you need an on-premises multi-factor authentication solution, the combination of FortiAuthenticator and FortiToken is also a great option. FortiAuthenticator is a full RADIUS server that supports multi-factor authentication with FortiToken soft tokens, so anything that can authenticate against RADIUS can be protected: VPN connections, Citrix connections, F5 appliances and so on.
Finally, the journey of securing your accounts begins with the first one. Here’s a list of sites that support multi-factor authentication.