- April 2nd 2019 – Please welcome two new sales people at IT2Trust
- March 29th 2019 – Webinar: How to detect and stop CRYPTOMINING on your network
- March 8th 2019 – Get your own free internal WhatsUp Gold network monitoring
- February 20th 2019 – Please welcome new Inside Sales Specialist at IT2Trust
- February 5th 2019 – IT2Trust sign Nordic agreement with CensorNet
- February 4th 2019 – Webinar: Multi-Cloud Challenges ahead? What to do?
- February 2nd 2019 – Datalocker PortBlocker – Maintain control of your USB ports
- January 29th 2019 – 6 surprising things about some multi-factor authentication solutions
- December 12th 2018 – Proofpoint Overall Winner – product of the year 2018
- December 7th 2018 – IT2Trust #1 in the Computerworld growth index 2018 for IT-Security
6 THINGS THAT MAY SURPRISE YOU ABOUT SOME MULTI-FACTOR AUTHENTICATION SOLUTIONS
Here are 6 things you may want to investigate when comparing multi-factor authentication solutions.
Swivel Secure rarely boasts about how robust and flexible AuthControl Sentry® is, but sometimes we even surprise ourselves. Take a look at the information below and see if it surprises you …
1. True multi-factor authentication or 2FA?
True multi-factor authentication consists of something that you have (hardware token or mobile app), something that you know (PIN), something that you are (fingerprint). However, some solutions market their offering as multi-factor authentication, despite only consisting of two of the three factors i.e. 2FA
2. Don’t wait for a man-in-the-middle attack
When a user authenticates access to an application, the window of opportunity to use the authentication code can last up to 45 seconds, or even twice that time with some (well known) hardware tokens. In this time, unauthorised access can occur including attacks such as ‘Man-in-the-middle’. Once successfully authenticated, the infiltrator potentially has access to the network and the ability to cause a catastrophic amount of damage.
3. Ensure a one-time code is a one-time code!
Typically, a one-time code (OTC) means it’s a code used on a device to authenticate access to a computer or application. The OTC can be delivered on a separate device such as a mobile phone or traditionally a hardware token. As the name suggests, a OTC is designed to be utilised only once for security purposes. Yet, some authentication suppliers provide the same code simultaneously, on different devices to authenticate access.
4. How and where is your data stored?
Part of today’s organisational security requirements often need authentication to support architecture that is on-premise, in the cloud or a combination (hybrid-cloud). Surprisingly, some solutions only support a cloud architecture and organisations are now starting to realise the negative security implications of storing data in a shared public cloud environment, choosing to move to an ‘on-premise / private hybrid hosting environment’, despite the perceived higher running costs, because the security benefits simply outweigh the cost factor. An additional consideration for data storage is the impact on GDPR regulations. For example, you might subscribe to a “local” hosting service, only to find your access point is in another country and your data has been moved to another data centre (DC) in another country. Ensure you know where your data is being held geographically as well as structurally.
5. Public cloud-based multi-tenancy and multi-tiered architecture can restrict your options to secure your data
Sometimes, it just makes sense to host selected applications and databases in the cloud. However, most cloud instances reside in multi-tenanted and multi-tiered data centres. This often exposes your data to a range of variables that can affect the integrity, security and the operational stability. Most importantly, depending where it is implemented and how your cloud authentication software was designed, it can often restrict your options for protecting it because it compromises the integrity of the system i.e. a shared service, with minimal customisation, reduced integration and shared access and management control.
6. What do you need to integrate with today and tomorrow?
Adding flexibility to an organisation so they are supported as they grow and evolve, should be high on the check list when looking for a multi-factor authentication solution. However, there are quite a few solutions that are restricted in their integration capability. They can only integrate with a limited number of software and hardware devices, usually because of their associations with other providers or their ownership.
But … AuthControl Sentry® is refreshingly different and provides:
True multi-factor authentication.
No refresh rate because a new code is requested each and every time you authenticate.
A one-time code is only ever used once, on one device.
Authentication for cloud, on-premise and hybrid.
Multi-factor authentication for all configurations including single private instance per customer.
Hundreds of integrations to fully support an organisation’s growth.
Get in touch for more information on authenticating access to your applications using true multi-factor authentication that provides integrations with hundreds of application whether stored on-premise or cloud based.
You can also get news about IT-security sent directly to your inbox – via our e-newsletter News2You.
News2You is targeted to both resellers and end users – and contains the latest within IT-security and Networking solutions – as well as invitations to seminars and other events we host.
Do you wish to receive News2You in the future, please send os an e-mail to email@example.com