2 Factor Authentication

Two-Factor Authentication (2FA) is a means to control access to IT systems. It provides greater security than a standard login and password combination. “Two factor” refers to the two components that are required to gain access. Generally, these are something you know (a login and password) and something you have or are (a security token, digital certificate, or your fingerprint).

If your business is subject to regulatory compliance (like HIPAA or PCI), it’s likely that a requirement exists to implement 2FA. If 2FA is not mandated, implementation may still be considered a best practice to secure your IT systems.

You may not realize that we tend to use 2FA every day. A debit card is a form of two-factor authentication. In order to access a person’s bank account or to make a purchase, the individual needs to have the physical card as well as knowledge of the PIN attached to that card.

2FA adds security beyond standard login credentials such as a user name and a password. User names and passwords can be compromised through social engineering, malware, or brute force attacks. Adding a second authentication factor makes it a lot more difficult for an unauthorized user to break into the system.

Here are 3 different options for low-cost, two-factor authentication security for small and medium-sized businesses:

Duo Endpoint Security

Duo protects any application on any device by continuously collecting and reporting on device data. The platform flags vulnerable and outdated devices to keep potentially compromised devices from accessing sensitive business data. Duo defends data through a single cloud-based solution. Duo works by evaluating custom-defined policies for each log-in attempt. It looks at factors such as the IP address, geo-location of the user, and the security health of the device trying to gain access. By looking at the entire access scenario, Duo can implement two-factor authentication when necessary through the use of SMS codes or even a physical token – it all depends on what your organization needs.

AuthLite

The AuthLite Two-Factor Authentication System is designed for Windows enterprise network authentication. The system teaches an organization’s Active Directory how to understand 2FA natively, which allows organizations to keep existing software by adding two-factor authentication on top of it. AuthLite uses physical access keys called YubiKeys, which are tiny USB drives featuring a specialized button. Once the key is inserted into a system’s USB port, the user presses the key, which then creates a special one-time access code. After the code is created, the user enters his or her password to prove “it is really them” and the system then grants access.

WiKID Systems

WiKID Systems’ two-factor authentication platform is called the WiKID Strong Authentication System (ironically these guys are NOT based in Boston). The system uses asymmetric encryption to deliver one-time passcodes to software tokens running on PCs or smartphones. As the system uses software-only tokens, organizations can still utilize the protection of 2FA without having to provide users with hardware tokens, which the users would then be responsible for.

2FA is ideal for businesses that need to comply with regulations such as HIPAA or PCI. If you think your business is in need of two-factor authentication, or if you’re not sure – give us a call today.