Two-Factor & Multi-Factor Authentication (2FA/MFA) Solutions
An additional layer of security for your business systems.
Deploying 2FA/MFA is Easier Than Ever
Microsoft Authenticator & Cisco Duo Available
2FA/MFA is Affordable and Easily Scalable
Cloud Based Solutions = No Hardware/Software Required
What is Two-Factor (2FA) & Multi-Factor (MFA) Authentication?
2FA/MFA helps ensure only authorized users can access your systems.
Multi-Factor Authentication (MFA) is a verification method in which a user is granted system access only after two or more authentication factors have been provided to the system; generally something only the user would know (ex. passphrase), something only the user would possess (ex. code from a smartphone), and something the user is (ex. fingerprint).
Two-Factor Authentication (2FA) is a subtype of multi-factor authentication (MFA). It is a verification method for affirming a user’s identity by combining at least two of the distinct factors discussed above.
The textbook example often used when discussing two factor authentication (2FA) is that of using an ATM machine. Using an ATM requires a combination of something the user would possess (ex. bankcard), and something the user would know (ex. pin-code). Without these two separate factors, a transaction at the ATM is not possible.
Two-factor (2FA) and multi-factor authentication (MFA) are becoming increasingly popular mechanisms to help prevent unauthorized use of both internal and cloud-based systems. With the world becoming evermore interconnected, criminals the world over can probe our systems 24/7 using automated tools to simply guess user/pass combos until they get lucky. 2FA and MFA add an additional authentication layer to the typical process of logging into a system thereby frustrating attempts to gain unauthorized access to your business systems.
2FA typically works by requiring users to respond to a pop-up on their mobile phones in addition to entering their passwords into a system. After successfully authenticating against the system in question, a confirmation pop-up will be sent to a 2FA app on the user’s mobile device. The user can simply tap “approve” on the message sent to their app, and they are immediately allowed into the system. If a hacker successfully guesses a user’s password, they are not with ease also going to be able to hack the user’s 2FA/MFA system. In a case such as this, the user would be getting notifications from the system, letting them know that someone has successfully determined their password.
Another common method for 2FA is to require the user to input a random code that is generated by an app on their smartphone. Because the code changes every few minutes, it becomes almost impossible for a cyber-criminal to unauthorized access to a user’s account even when knowing the password.
No security system is entirely bulletproof however. If a hacker managed to access or circumvent multiple of a user’s authentication factors simultaneously, the hacker could of course gain access. For the hacker however, accomplishing multiple of these feats concurrently is more difficult.
2FA/MFA Helps Prevent Unauthorized System Access
2FA/MFA helps takes security beyond just a password, to further verify a user’s identity.
How Two-Factor/Multi-Factor (2FA/MFA)
Authentication Typically Works
History indicates that a username/password combo isn’t always enough. Hackers can use automated systems to guess common passwords, infiltrate email or other systems where passwords are stored in clear-text, or find written passwords left behind in desks. 2FA/MFA helps to prevent unauthorized access by adding additional layers of security on top of the typical user/pass combo. The most common methods for deploying 2FA/MFA solutions are:
Use of a Verification Code
As noted earlier, when a system user attempts to login, they can be required to also input a code generated by a smartphone app, or a code sent to them via email or SMS text message. Once the user has input the additional authentication factor, the user can be granted system access. With this additional security layer in place, it means that if a hacker wishes to gain access to your business systems, they would need to have access to more than just a user’s password.
Many 2FA/MFA systems allow a user to download a smartphone application whereby they can receive authentication requests to the app, providing their second authentication factor by simply tapping “OK” on an application pop-up. This is by far the most convenient method of providing multiple authentication factors to our systems. It is also more secure than text message (SMS), as spoofing an identity on the cell network is not an impossible task. It would be almost impossible however to fake or spoof the handshake relationship the 2FA/MFA system has with your specific smartphone application install. Thus, text message (SMS) should not be used as a primary 2FA mechanism unless required.
Are you ready to take a proactive approach to protecting your business systems by incorporating the latest in 2FA/MFA technologies into your security plan? The IT experts at AVAREN are here to help. We can find the weak areas in your network perimeter and work to develop a multi-layered network security plan that’s built around your business systems. Call or e-mail our team today, and we will begin exploring how to better protect your business. Call AVAREN today! 214-379-4200
Cisco Duo Mobile – Two Factor Authentication (2FA)
Why Cisco Duo Mobile is the leader in 2FA/MFA protections.
What is Cisco Duo Security?
Duo is a 2FA/MFA platform now owned and operated by Cisco Systems. Duo is among the world’s most popular 2FA/MFA platforms because it is among the oldest, most well developed, and thus most flexible. Duo helps to ensure a user’s identify by requiring additional authentication factors from the user (beyond just their passphrase) before giving the user access to the requested system. These additional authentication factors could include: receiving and/or entering an additional code to login, responding to an application pop-up, or even biometric factors.
Duo is Scalable Protection
Because Duo is a cloud solution delivered by Cisco, the system is immediately scalable without making any internal system changes or buying any additional hardware. Whether your 2FA/MFA need is 5 people or 5000, Duo is both affordable and instantly scalable.
Smartphone Enrollment with Cisco Duo is Simple
The Duo Mobile Smartphone app is available for Windows phones, iPhone operating systems, and Android phones. If your people have smartphones, then the Duo MFA platform will be a snap to implement. In situations where mobile phones or cell coverage isn’t available, tablet or even hardlines are possible options.
After installing the Duo application on your smartphone users will begin receiving push notifications to their devices when they attempt to login to configured systems. Users would also of course receive these notifications if a cybercriminal were trying to login to a configured system. This occurrence would not only help to prevent the hacker from gaining access but would also alert the user that someone was trying to gain access to their account.
AVAREN can help with your Cisco DUO Mobile MFA roll out.
There are a host of reasons why Cisco Duo is the leader in 2FA/MFA protections. Duo is affordable, flexible, easy to setup and configure, easy to deploy, and can provide an additional layer of security to a wide variety of computing platforms. Whether you require 2FA/MFA for compliance purposes or just because you value your data, AVAREN can roll out Duo for your people in very little time.