January 2nd, 2019
Remember that time you tried to sign on to your Amazon Prime account, and they asked you to enter a 6-digit code that was sent to your phone? That’s two factor authentication.
Passwords are a tricky thing. Nowadays, the requirements for a secure password are becoming more complex. But no matter how complicated your password is, many websites are still asking users to take that extra step of authentication, often in the form of an SMS verification code. Not only do they want to know that you are who you say you are, but they also want you to prove it—and employers are following suit.
There are three classic factors of authentication: knowledge, possession, and inherence. In other words: something you know, something you have, and something you are. Each of these factors has different properties and, on its own, may be circumvented in some way. For instance, a password is something you know, and it can easily be written down and shared with others. Something you have, like a key, is less likely to be shared, but it could get lost or stolen.
Two factor authentication requires a user to present factors from at least two of the three categories above before access is granted. You can imagine each layer of authentication as a line of defense for your identity. In theory, it would be highly unlikely for a hacker to have access to or steal two independent types of authentication from another individual. Even if they breach one level of security, there’s at least a second wall standing in the way. And when it comes to keeping sensitive company information secure, 2FA has an excellent return on investment for employers.
While multi factor authentication may be annoying to an average user who just wants to check their email, it can play an essential role for businesses of any industry. Multi or two factor authentication (MFA and 2FA, respectively) solutions are primarily recommended to protect data from unauthorized users. However, not all solutions are created equal. As you shop around for the best MFA vendor for your company, keep in mind the needs of your company, such as:
Are you looking at multi factor authentication solutions for your employees or your customers?
Which endpoints and accounts are you looking to protect?
How much security do you need?
How many users are you looking to cover in the short term and long term?
Do you have any compliance requirements that need to be met?
It’s important to have a clear vision of how you want multi factor authentication to work for your company. It will help you to narrow down the list of vendors that will be the right fit for you. Here are additional questions you may want to consider:
What options are provided to generate one-time passwords?
What contingency plans are in place if a user gets locked out, loses their phone or token, etc.?
Who has control over user access?
How quickly can access be revoked (for offboarding, vendors, clients, etc.)?
How often do tokens expire or need to be repurchased?
Although two factor authentication solutions are designed to enhance the security of your business, it’s also important to consider the user experience so that the rest of your team will be on board, too!
Duo Security: Duo MFA is a cloud-based solution that offers a variety of authentication methods, including U2F, security tokens, SMS passcodes, phone callbacks, and HOTP for application integrations. They also have bypass codes for temporary access, or if one of your employees loses their phone. Duo offers four different plans based on your needs, ranging from a free plan (for basic credential protection) to their most secure plan at $9 per user, per month. It's also worth mentioning that they were recently acquired by Cisco, the worldwide leader in cybersecurity solutions.
Okta: Okta offers an adaptive multi factor authentication solution, which provides a little bit more flexibility to decide when authentication policies need to be enforced. This allows companies to designate specific authentication factors for different types of users. For example, you may want to apply stronger authentication methods for users that have access to more sensitive data. This is particularly useful for companies that are looking to implement cloud-based security.
SecurAccess: SecurAccess offers token-less two factor authentication solutions for remote access, which is helpful if your business works with remote teams. You can authenticate your identity on any device through a variety of methods, including passcodes through secure emails, soft token apps, real time SMS passcodes, and one-time passcodes.
Trusona: Trusona understands what it feels like to hate passwords, and they are actually trying to eliminate the use of passwords for identity authentication. In fact, they have a #NoPasswords Manifesto on their website. So how does their two factor authentication actually work? Right through one’s phone on the Trusona app, which utilizes touch IDs, QR codes, and even ID scanning. They offer both multi and two factor authentication solutions, depending on the level of security your business is looking for.
Still unsure about which MFA solution is right for your business or if MFA makes sense at all? When your business partners with Electric, not only will you receive network-to-device-level IT support, but we can also provide you with expert recommendations on MFA solutions and implement them at your company. Trust us—it's a lot easier than doing it yourself, especially if it's not even your job.