Two-factor authentication (2FA) is a high level security measure that is designed to safeguard against unauthorized access into a company server or online account. Many businesses require the second layer of verification to anyone that needs to gain access into the company server. The companies that utilize the features of a managed service provider (MSP) recognize that the additional layer of safeguarding can minimize the potential of breaches and compromised accounts.
The Problem with Passwords
There are significant problems when companies rely simply on gaining access to online accounts and their intranet using nothing more than a username/password combination. The inability of the single factor can cause major problems when hackers gain access to crucial, confidential information concerning the company’s database. Many employees either create weak passwords that are easy to guess, or complex passwords that are easy to forget. Because of that, a managed service provider will often initiate strict policies and procedures of developing a stronger password. The MSP will often incorporate a second layer of verification (multi-factor authentication) on every login to the company server or online account.
The Process of MFA
Multi-factor authentication is a simple concept that requires an additional layer or two of verification before allowing access into a restricted account. The single or first layer of authentication is still required with an input of the username and associated password. However, an additional layer will also be required when the user is prompted for an additional input. This can be obtained in a variety of ways including through biometric measurements (a fingerprint scan, voice pattern, etc.), a hardware token (key fob, swipe card, smart card, etc.) or through multi-factor authentication software (a smart phone software token, desktop token, etc.).
Some MSPs will actually incorporate multi-factors into the authentication process by requiring two or more layers of additional input after the acceptance of the username/word password combination.
Multi-Factor Authentication Software
Since the launching of the first soft token, incorporating multi-factor authentication using software seems to make better sense than any other option. Biometric measurements including iris scans, voice patterns and handwriting analysis will require an additional specific device to obtain the information. Hardware tokens need to be present at all times to be utilized. However, multi-factor authentication software can be downloaded to any mobile device or desktop computer. Studies indicate that while individuals often leave their hardware token at the office, at home, or in the car, they rarely, if ever forget to bring along their smart phone, tablet or other mobile device.
Every company employee will likely have access to their smart phone at all times. Because of that, companies can save a tremendous expense of providing hardware tokens or password generators to every employee by simply allowing them to use their own device (their smart phone).
Incorporating multi-factor verification is not just a process of sending a one-time password as a way to gain access into a restricted account. Through SMS, text messages can be sent to a user that is out-of-band to provide verification of his or her credentials. Even DTMF verification methods are available using voice technology, as is utilized by the banking and financial industries.
Sending an SMS text is not the only method for delivering single-use passwords over the phone. Some companies deliver single-use passwords through a phone call. This allows a company to extend the ability to obtain the second layer of verification on both a mobile device and a landline telephone as well.
There is another significant advantage to using multi-factor authentication software over biometric measures and hardware tokens. The need to provide a device that can either scan a biometric measurement or produce a single-use password through a hardware token can increase the potential for failure. Should the device break at some point, or be lost or stolen, the unit is gone forever. However, software tokens generated on smart phones owned by employees will likely be available no matter what the condition of the phone. If the smart phone is lost, stolen or outdated, the employee will simply acquire a new one and gain instant access to their software application to obtain their next single-use password, at no cost to the company.
With all the available options for providing the second layer of authentication when verifying the credentials of an online user, it is important to choose wisely. While every method has its advantages and disadvantages, it appears as though multi-factor authentication software makes the most sense. It provides an easy solution for the company that does not have to purchase additional equipment. It offers the employee an easy way to gain access into their restricted accounts using a device they always carry with them.
Whatever method is decided by the company and their managed service provider, adding the additional second layer of authentication will help maximize the security of the company’s confidential information.
Want to learn more? Download our free eBook below.