White Paper. The Principles of Tokenless Two-Factor Authentication

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "White Paper. The Principles of Tokenless Two-Factor Authentication"

Transcription

1 White Paper The Principles of Tokenless Two-Factor Authentication

2 Table of contents Instroduction... 2 What is two-factor authentification?... 2 Access by hardware token... 3 Advantages and disadvantages of tokens... 3 Authentication using smartcards... 4 Digital certificates are a thing of the past... 4 Tokenless two-factor authentication: BYOD becomes BYOT... 4 Flexibility is key... 5 An overview of the advantages of tokenless 2FA... 7 Summary

3 Introduction The subject of IT security plays an ever more important role in these times of virtual warfare, increasingly complex malware threats and online spyware attacks. This is of particular concern to firms because trends, such as Bring Your Own Device (BYOD), are making corporate networks more open to attack. Attacks are no longer limited to the company's premises and have spread to home offices, hotels and airports locations where, for example, sales representatives spend time and from where they would like to access corporate information. Various methods have been developed to ensure that it is, in fact, employee XYZ who is logging in and not a cyber-gangster misusing login information for his own purposes. The main method is the password, which, together with the user name, enables the user to log in. However, studies have shown that passwords are often chosen with little thought, making them easy to hack and resulting in the account being hijacked in no time at all. More security is provided by what are known as two-factor authentication solutions. This white paper explains the details of how they work, the versions available and the advantages they bring to companies. What is two-factor authentication? The development of IT security measures - especially for authentication processes - has seen security specialists move towards combining several mechanisms with each other. This category also includes two-factor authentication (abbreviated as 2FA). In this approach, at least two of three possible factors are required to clearly identify a user: something known only to the user (e.g. PIN); a tangible item that the user alone possesses (e.g. a token in the form of a USB stick) and/or something that is inseparable from and unique to the user, such as a finger print. A common example of authentication using the two-factor method is obtaining money from a cash machine: to complete the transaction successfully, the customer needs his own bank card as well as his PIN. Access to the account is refused if either of these two components is missing or if the PIN is not entered correctly. 2

4 This double protection reduces the risk of criminals immediately being able to misuse stolen access data to hijack someone else's account. In many 2FA solutions, something in the user's possession is combined with a sequence of numbers for one-time use, i.e. a one-time passcode (OTP). This OTP is either generated by an item in the user's possession, such as a security token, or a reliable server generates the OTP and sends it as a second factor to the device/token. An example of one such transfer method is a text message sent to the user's mobile phone. As a new number is generated each time, OTPs are far less likely to be hijacked than static or simple passwords, which can also be hijacked by means of phishing, keylogging or replay attacks. Access by hardware token The conventional method used in a 2FA solution is a hardware token. A token can, for example, be a USB stick or a key fob. A display often shows the combination of numbers to be entered by the user in order to log in. The OTP generated by the token is then used together with personal login details to clearly identify the user. Advantages and disadvantages of tokens This type of token can be used at any time and anywhere for user authentication. Furthermore, the user is not reliant on any additional hardware or the need to install programs. The disadvantages of this method, however, mainly concern token handling, security and costs. For example, it is necessary to allocate a token to a specific user. This causes the IT department a lot of allocation work to deploy: the more employees who receive a token, the more individual configurations are required. Additional costs are incurred due to the limited life of the devices (about three to four years) and through loss or theft. If employees are based all over the world, costs are also incurred in sending the devices to them. There is also the aspect that the user is reliant on the token because he has to take it with him at all times to authenticate himself. If the token is lost or forgotten, access is not possible. Over time, the employee could find it a nuisance to always have to take the token with him "just in case". A security issue exists and is highlighted as the user doesn t always carry a 3

5 token with them, so when its not with the user, where is it? This vulnerability is a major security issue and emphasized as users may have multiple tokens to carry. Authentication using smartcards Another method is smartcards, which also support personal access processes in the same way as hardware tokens. The advantages of smartcards is the multiple use of the card for building access and for storing multiple certificates in one place. The downside is the deployment of the smartcards and also the delivery and security of the certificates that live on them. Equally a certificate has a time to live and this is the biggest issue with certificate management where administrators need to replace or revoke a certificate. In addition to the deployment of the smartcard so ancillaries are needed in addition as the user's terminal needs to have a smartcard reader, which is often not integrated. This means appropriate hardware or software has to be installed. This usually results in an increased need for employee support as they have to learn how to use the smartcards and the associated hardware and software. Another disadvantage is that smartcards cannot be used with mobile terminals, as a special reading device is not integrated and cannot be installed or connected due to the slim design of mobile terminals in general. Digital certificates are a thing of the past The use of digital certificates is now largely obsolete, as they are not suitable for flexible, location-independent logins and are linked to a single computer. This results in a further disadvantage because anyone using that computer can log in, as the certificate is not assigned to a specific person. If the PC is reformatted or if the hard disk is destroyed, access by means of certificate is irrevocably blocked anyway. Tokenless two-factor authentication: BYOD becomes BYOT A more flexible approach is offered by tokenless two-factor authentication methods. These are not based on separate hardware solutions, but instead use devices already in the user's possession. This may, for example, be a mobile phone, a smartphone or a tablet PC irrespective of whether it is provided by the firm or is used as a personal device. These tokenless 2FA solutions provide all the security functions of hardware tokens but there is no need for additional hardware. This means that BYOD immediately becomes BYOT: Bring Your Own Token. 4

6 Users have so far been able to authenticate themselves without tokens in two different ways: software installed on the device either generates new passcodes on request or the user receives access data in real time by text message. The pitfall with the software solution is the existence of many different types of mobile phone and the associated wide variety of operating systems. In this case, it is not just procurement that is cost-intensive, the IT department would also have to be trained in all three types of software. An alternative is to send the passcode by text, as text messages do not constitute an invasion of personal property. The downside to this solution is, however, the need for real-time mobile network connections. Flexibility is key For greater independence, 2FA solutions, such as SecurAccess, provide flexible passcode transmission options: Pre-loaded text message: whenever an OTP is used, this causes a new OTP to be sent so that the latest passcode is always available. Real-time text message Text message with three codes: a single text contains three OTPs; codes that have been used are dynamically replaced in the same text message. Periodically sent text message: The OTPs are sent at a set time after a certain number of days. The current code can be used several times. Soft-token app for smartphones: available for devices with ios, Android, Windows (7) or Blackberry operating systems. The user scans a seed record using a QR code and then receives an OTP that changes every 30 seconds. Soft token for laptops (Microsoft/Mac): Clicking on the software generates an OTP that changes every 30 seconds. Voice call: First the user enters a PIN or passcode and a six-digit passcode is then displayed. A call is automatically initiated at the same time. The user takes the call and enters the passcode using the telephone keypad. Pre-loaded This operates in the same way as the pre-loaded text messages. The same applies to the following three methods: real-time ; with three codes and periodically sent . 5

7 This enables the user to be particularly flexible in order to be able to adapt to the given circumstances. For example, in the case of a road warrior who continually has to log on remotely to see company information, the periodically sent text message or would make sense because the representative would then have reusable codes at his disposal. Staff who rarely log in remotely or who do not have a mobile phone can use the voice call method. Users who know in advance that they will have only a poor or no network connection in a certain region can fall back on the three-code method in order to have a ready supply of OTPs. A unique point for SecurEnvoy is the ability to go between devices with only one having a live capability. Life Cycle Management is a term SecurEnvoy now use to describe the creation, movement and management of seed records of devices. Traditionally seeds are created and installed onto a device, however if you use multiple devices and/or change the type of authentication you wish to use these seeds are not easily disposed of and very difficult re-enable! They are also quite expensive and cannot be reused on another device. Understanding how users manage and use their devices has allowed SecurEnvoy to build a solution that allows the user to move between devices and methods of authentication without leaving a footprint behind. Traditional seed records are created by the vendor where a copy is normally kept, the recipient then installs this onto a device and uses the device as a virtual token. However if the users chooses to use another method of authentication so the seed must either be deleted or left running. The issue with this, now we live with multiple devices, is leaving multiple devices with live capabilities when they are in our possession and when they are not. With this older method of seed management it leaves a lot to go wrong and isn t as secure as it should be. SecurEnvoy allow the user to have as many devices as they choose to have the technology available to them, at no extra cost, but allow only one of these devices to be the authenticator at one time and thus alleviating any potential compromise of a user s identity. This seed and identity management is key in securing the user and ensuring the company has business grade technology that is 100 % reliable. Equally it s important that these sedds are not kept by the vendor, so uniquely, SecurEnvoy don t provide the seeds themselves and nor do they have access to them, instead 6

8 the customer installs the on-premise software and create their own seeds and manage these themselves. This method is the same for our cloud providers who alos benefit from this methodology as they also don t keep or manage the seeds, only the client does. From a security perspective this is key critical to the longer term trust of a solution. Finally security is most powerful when the seed cannot be compromised, it is for this reason SecurEnvoy uniquely create split keys. One part is a finger print of the device and resides on the device and the other part sitting securely back in the enterprise. If either side were compromised the seed is not available for compromise and is unique to the device. This same method works for our customers because each seed is created on the fly to allow the user to move between devices. Should one device be compromised only one part is taken, the other part can be deleted from the server and alleviates any possible compromise. An overview of the advantages of tokenless 2FA Cost savings: there is no need for additional hardware tokens, which have to be purchased, configured, maintained and regularly replaced if lost or stolen. It works with all the latest mobile phones, smartphones, laptops, tablets, Microsoft PCs and Apple Macs. Flexible code transmission options, for example by text, , soft token or voice call The user has the choice and is in control, taking a lot of the strain off the IT department, as it only needs to define the general conditions, such as the specific time for periodic passcode updates and such like. There is no need for personalised configuration, unlike the case with tokens, so this also reduces the workload. Summary With the help of 2FA, companies can ensure that their staff can clearly identify and authenticate themselves, as only the correct combination of user data and OTP allows them to log in. The tokenless method also has further advantages, for example cost savings, as there is no need to invest in separate tokens. The staff do not have to carry an additional device around with them either, instead they simply use their existing mobile terminal. The authentication method is particularly secure 7

9 because one component is known only to the user and the other is sent to a device that is only in the user's possession. Even if the employee loses his smartphone or login details or if they are stolen these factors, on their own, are of no use to a thief. A range of transmission options also provides flexibility and can be adapted to different working conditions. 8

White Paper. The risks of authenticating with digital certificates exposed

White Paper. The risks of authenticating with digital certificates exposed White Paper The risks of authenticating with digital certificates exposed Table of contents Introduction... 2 What is remote access?... 2 Authentication with client side digital certificates... 2 Asymmetric

More information

Guide to Evaluating Multi-Factor Authentication Solutions

Guide to Evaluating Multi-Factor Authentication Solutions Guide to Evaluating Multi-Factor Authentication Solutions PhoneFactor, Inc. 7301 West 129th Street Overland Park, KS 66213 1-877-No-Token / 1-877-668-6536 www.phonefactor.com Guide to Evaluating Multi-Factor

More information

Two Factor Authentication - USER GUIDE

Two Factor Authentication - USER GUIDE Two Factor Authentication - USER GUIDE Two Factor Authentication (or 2FA) is a two step verification process that provides an extra layer of security for you when accessing your account within Online Services.

More information

QUICK SELLING GUIDE THE FUTURE OF AUTHENTICATION

QUICK SELLING GUIDE THE FUTURE OF AUTHENTICATION QUICK SELLING GUIDE THE FUTURE OF AUTHENTICATION Who are SecurEnvoy? As the original inventors of tokenless authentication, our goal is to continue to design innovative solutions that take advantage of

More information

STRONGER AUTHENTICATION for CA SiteMinder

STRONGER AUTHENTICATION for CA SiteMinder STRONGER AUTHENTICATION for CA SiteMinder Adding Stronger Authentication for CA SiteMinder Access Control 1 STRONGER AUTHENTICATION for CA SiteMinder Access Control CA SITEMINDER provides a comprehensive

More information

ADDING STRONGER AUTHENTICATION for VPN Access Control

ADDING STRONGER AUTHENTICATION for VPN Access Control ADDING STRONGER AUTHENTICATION for VPN Access Control Adding Stronger Authentication for VPN Access Control 1 ADDING STRONGER AUTHENTICATION for VPN Access Control A VIRTUAL PRIVATE NETWORK (VPN) allows

More information

Remote Access Securing Your Employees Out of the Office

Remote Access Securing Your Employees Out of the Office Remote Access Securing Your Employees Out of the Office HSTE-NB0011-RV 1.0 Hypersecu Information Systems, Inc. #200-6191 Westminster Hwy Richmond BC V7C 4V4 Canada 1 (855) 497-3700 www.hypersecu.com Introduction

More information

Securing corporate assets with two factor authentication

Securing corporate assets with two factor authentication WHITEPAPER Securing corporate assets with two factor authentication Published July 2012 Contents Introduction Why static passwords are insufficient Introducing two-factor authentication Form Factors for

More information

Hard vs. Soft Tokens Making the Right Choice for Security

Hard vs. Soft Tokens Making the Right Choice for Security Hard vs. Soft Tokens Making the Right Choice for Security HSTE-NB0012-RV 1.0 Hypersecu Information Systems, Inc. #200-6191 Westminster Hwy Richmond BC V7C 4V4 Canada 1 (855) 497-3700 www.hypersecu.com

More information

Full disk encryption with Sophos Safeguard Enterprise With Two-Factor authentication of Users Using SecurAccess by SecurEnvoy

Full disk encryption with Sophos Safeguard Enterprise With Two-Factor authentication of Users Using SecurAccess by SecurEnvoy Full disk encryption with Sophos Safeguard Enterprise With Two-Factor authentication of Users Using SecurAccess by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 1210 Parkview

More information

Improving Online Security with Strong, Personalized User Authentication

Improving Online Security with Strong, Personalized User Authentication Improving Online Security with Strong, Personalized User Authentication July 2014 Secure and simplify your digital life. Table of Contents Online Security -- Safe or Easy, But Not Both?... 3 The Traitware

More information

Research Information Security Guideline

Research Information Security Guideline Research Information Security Guideline Introduction This document provides general information security guidelines when working with research data. The items in this guideline are divided into two different

More information

Entrust IdentityGuard

Entrust IdentityGuard +1-888-437-9783 sales@identisys.com IdentiSys.com Distributed by: Entrust IdentityGuard is an award-winning software-based authentication enterprises and governments. The solution serves as an organization's

More information

External Authentication with Cisco ASA Authenticating Users Using SecurAccess Server by SecurEnvoy

External Authentication with Cisco ASA Authenticating Users Using SecurAccess Server by SecurEnvoy External Authentication with Cisco ASA Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 Merlin House Brunel Road Theale Reading

More information

Multi-Factor Authentication FAQs

Multi-Factor Authentication FAQs General FAQs What is Multi-factor Authentication (MFA)? Multi-factor authentication (MFA) seeks to decrease the likelihood that others can access your data. Specifically, it enhances the security of your

More information

External Authentication with Checkpoint R75.40 Authenticating Users Using SecurAccess Server by SecurEnvoy

External Authentication with Checkpoint R75.40 Authenticating Users Using SecurAccess Server by SecurEnvoy External Authentication with Checkpoint R75.40 Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 Merlin House Brunel Road Theale

More information

Moving Beyond User Names & Passwords

Moving Beyond User Names & Passwords OKTA WHITE PAPER Moving Beyond User Names & Passwords An Overview of Okta s Multifactor Authentication Capability Okta Inc. 301 Brannan Street, Suite 300 San Francisco CA, 94107 info@okta.com 1-888-722-7871

More information

It s 2 o clock: Who Has Your Data? Josh Krueger Chief Technology Officer Integrity Technology Solutions

It s 2 o clock: Who Has Your Data? Josh Krueger Chief Technology Officer Integrity Technology Solutions It s 2 o clock: Who Has Your Data? Josh Krueger Chief Technology Officer Integrity Technology Solutions Your home is your business and your farm is your network. But who has access to it? Can you protect

More information

IDENTITY & ACCESS. BYOD and Mobile Security Seizing Opportunities, Eliminating Risks in a Dynamic Landscape

IDENTITY & ACCESS. BYOD and Mobile Security Seizing Opportunities, Eliminating Risks in a Dynamic Landscape IDENTITY & ACCESS BYOD and Mobile Security Seizing Opportunities, Eliminating Risks in a Dynamic Landscape Introduction How does your enterprise view the BYOD (Bring Your Own Device) trend opportunity

More information

One-Time Password Contingency Access Process

One-Time Password Contingency Access Process Multi-Factor Authentication: One-Time Password Contingency Access Process Presenter: John Kotolski HRS Security Officer Topics Contingency Access Scenarios Requesting a Temporary One-Time Password Reporting

More information

When enterprise mobility strategies are discussed, security is usually one of the first topics

When enterprise mobility strategies are discussed, security is usually one of the first topics Acronis 2002-2014 Introduction When enterprise mobility strategies are discussed, security is usually one of the first topics on the table. So it should come as no surprise that Acronis Access Advanced

More information

TWO-FACTOR AUTHENTICATION GOES MOBILE

TWO-FACTOR AUTHENTICATION GOES MOBILE TWO-FACTOR AUTHENTICATION GOES MOBILE First Edition September 2012 Goode Intelligence All Rights Reserved Published by: Goode Intelligence 26 Dover Street London W1S 4LY United Kingdom Tel: +44.20.33564886

More information

Moving Beyond User Names & Passwords Okta Inc. info@okta.com 1-888-722-7871

Moving Beyond User Names & Passwords Okta Inc. info@okta.com 1-888-722-7871 Moving Beyond User Names & Passwords An Overview of Okta s Multifactor Authentication Capability Okta Inc. 301 Brannan Street San Francisco, CA 94107 info@okta.com 1-888-722-7871 Contents 1 Moving Beyond

More information

External Authentication with Juniper SSL VPN appliance Authenticating Users Using SecurAccess Server by SecurEnvoy

External Authentication with Juniper SSL VPN appliance Authenticating Users Using SecurAccess Server by SecurEnvoy External Authentication with Juniper SSL VPN appliance Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 1210 Parkview Arlington

More information

Implementing two-factor authentication: Google s experiences. Cem Paya (cemp@google.com) Information Security Team Google Inc.

Implementing two-factor authentication: Google s experiences. Cem Paya (cemp@google.com) Information Security Team Google Inc. Implementing two-factor authentication: Google s experiences Cem Paya (cemp@google.com) Information Security Team Google Inc. Google services and personalization Identity management at Google 1. Internal

More information

SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy

SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 Merlin House

More information

Two Factor Authentication (TFA; 2FA) is a security process in which two methods of authentication are used to verify who you are.

Two Factor Authentication (TFA; 2FA) is a security process in which two methods of authentication are used to verify who you are. Two Factor Authentication Two Factor Authentication (TFA; 2FA) is a security process in which two methods of authentication are used to verify who you are. For example, one method currently utilized within

More information

Kaspersky Security for Mobile

Kaspersky Security for Mobile Kaspersky Security for Mobile See. Control. Protect. MOVING TARGETS Mobile devices play a key role in connectivity and productivity. But they also introduce new risks to the business: in the past 12 months

More information

Secure Authentication Managed Service Portfolio

Secure Authentication Managed Service Portfolio Secure Authentication Managed Service Portfolio Combating Corporate Identity Theft Signify Managed Authentication Services Signify offers a complete range of Secure Authentication and Identity Management

More information

Authentication Solutions. Versatile And Innovative Authentication Solutions To Secure And Enable Your Business

Authentication Solutions. Versatile And Innovative Authentication Solutions To Secure And Enable Your Business Authentication Solutions Versatile And Innovative Authentication Solutions To Secure And Enable Your Business SafeNet Strong Authentication and Transaction Verification Solutions The Upward Spiral of Cybercrime

More information

External Authentication with Watchguard XTM Authenticating Users Using SecurAccess Server by SecurEnvoy

External Authentication with Watchguard XTM Authenticating Users Using SecurAccess Server by SecurEnvoy External Authentication with Watchguard XTM Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 1210 Parkview Arlington Business Park

More information

Proposal Document TitleDocument Version 1.0 TitleDocument

Proposal Document TitleDocument Version 1.0 TitleDocument G-Cloud - Strong Authentication Service - Service Definition Proposal Document Author TitleDocument Version 1.0 TitleDocument Document publication date - 02/12/2014 Title Document Classification - Public

More information

Two-Factor Authentication and Swivel

Two-Factor Authentication and Swivel Two-Factor Authentication and Swivel Abstract This document looks at why the username and password are no longer sufficient for authentication and how the Swivel Secure authentication platform can provide

More information

White Paper Preventing Man in the Middle Phishing Attacks with Multi-Factor Authentication

White Paper Preventing Man in the Middle Phishing Attacks with Multi-Factor Authentication White Paper Preventing Man in the Middle Phishing Attacks with Multi-Factor Authentication Page 1 of 8 Introduction As businesses and consumers grow increasingly reliant on the Internet for conducting

More information

Flexible Identity. OTP software tokens guide. Multi-Factor Authentication. version 1.0

Flexible Identity. OTP software tokens guide. Multi-Factor Authentication. version 1.0 Flexible Identity Multi-Factor Authentication OTP software tokens guide version 1.0 Publication History Date Description Revision 2014.02.07 initial release 1.0 Copyright Orange Business Services 2 of

More information

Welcome Guide for MP-1 Token for Microsoft Windows

Welcome Guide for MP-1 Token for Microsoft Windows Welcome Guide for MP-1 Token for Microsoft Windows Protecting Your On-line Identity Authentication Service Delivery Made EASY Copyright 2012 SafeNet, Inc. All rights reserved. All attempts have been made

More information

5 TIPS FOR HIPAA COMPLIANT MOBILE DEVICES

5 TIPS FOR HIPAA COMPLIANT MOBILE DEVICES White paper 5 TIPS FOR HIPAA COMPLIANT MOBILE DEVICES PROTECTING PHI ON PORTABLE DEVICES 2016 SecurityMetrics 5 TIPS FOR HIPAA COMPLIANT MOBILE DEVICES 1 5 TIPS FOR HIPAA COMPLIANT MOBILE DEVICES PROTECTING

More information

Dell SonicWALL and SecurEnvoy Integration Guide. Authenticating Users Using SecurAccess Server by SecurEnvoy

Dell SonicWALL and SecurEnvoy Integration Guide. Authenticating Users Using SecurAccess Server by SecurEnvoy Dell SonicWALL and SecurEnvoy Integration Guide Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 Merlin House Brunel Road Theale

More information

Mobile Security Checklist. An Easy, Achievable Plan for Security and Compliance

Mobile Security Checklist. An Easy, Achievable Plan for Security and Compliance Mobile Security Checklist An Easy, Achievable Plan for Security and Compliance Introduction Are mobile devices the weak link in your security defenses? Today, organizations are pouring millions of dollars

More information

Dangers of 'Good Enough' Authentication Solutions

Dangers of 'Good Enough' Authentication Solutions Whitepaper The Hidden Dangers of 'Good Enough' Authentication Solutions A step-by-step guide to understand the common pitfalls when selecting an authentication solution The user authentication market is

More information

Why SMS for 2FA? MessageMedia Industry Intelligence

Why SMS for 2FA? MessageMedia Industry Intelligence Why SMS for 2FA? MessageMedia Industry Intelligence MessageMedia Industry Intelligence Why SMS for 2FA? ii Contents OTP Authentication Methods...2 Hard Tokens for OTP...3 App-based Tokens for OTP...4 Email

More information

Security in an Increasingly Threatened World. SMS: A better way of doing Two Factor Authentication (2FA)

Security in an Increasingly Threatened World. SMS: A better way of doing Two Factor Authentication (2FA) Security in an Increasingly Threatened World SMS: A better way of doing Two Factor Authentication (2FA) January 2015 The Proliferation of The App World The revolution of the smart phone forever affected

More information

ipad or iphone with Junos Pulse and Juniper SSL VPN appliance Authenticating Users Using SecurAccess Server by SecurEnvoy

ipad or iphone with Junos Pulse and Juniper SSL VPN appliance Authenticating Users Using SecurAccess Server by SecurEnvoy ipad or iphone with Junos Pulse and Juniper SSL VPN appliance Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 1210 Parkview Arlington

More information

FileCloud Security FAQ

FileCloud Security FAQ is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file

More information

External Authentication with Windows 2003 Server with Routing and Remote Access service Authenticating Users Using SecurAccess Server by SecurEnvoy

External Authentication with Windows 2003 Server with Routing and Remote Access service Authenticating Users Using SecurAccess Server by SecurEnvoy External Authentication with Windows 2003 Server with Routing and Remote Access service Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845

More information

Securing Virtual Desktop Infrastructures with Strong Authentication

Securing Virtual Desktop Infrastructures with Strong Authentication Securing Virtual Desktop Infrastructures with Strong Authentication whitepaper Contents VDI Access Security Loopholes... 2 Secure Access to Virtual Desktop Infrastructures... 3 Assessing Strong Authentication

More information

External Authentication with Citrix Secure Gateway - Presentation server Authenticating Users Using SecurAccess Server by SecurEnvoy

External Authentication with Citrix Secure Gateway - Presentation server Authenticating Users Using SecurAccess Server by SecurEnvoy External Authentication with Citrix Secure Gateway - Presentation server Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 1210

More information

Microsoft Office365 with Active Directory Federated Services (ADFS) Authenticating Users Using SecurAccess Server by SecurEnvoy

Microsoft Office365 with Active Directory Federated Services (ADFS) Authenticating Users Using SecurAccess Server by SecurEnvoy Microsoft Office365 with Active Directory Federated Services (ADFS) Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 1210 Parkview

More information

External Authentication with Windows 2012 R2 Server with Remote Desktop Web Gateway Authenticating Users Using SecurAccess Server by SecurEnvoy

External Authentication with Windows 2012 R2 Server with Remote Desktop Web Gateway Authenticating Users Using SecurAccess Server by SecurEnvoy External Authentication with Windows 2012 R2 Server with Remote Desktop Web Gateway Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010

More information

Balancing risk, cost and user experience with SMS for 2FA

Balancing risk, cost and user experience with SMS for 2FA Balancing risk, cost and user experience with SMS for 2FA MessageMedia Industry Intelligence Contents OTP Authentication Methods...2 Hard Tokens for OTP...3 App-based Tokens for OTP...4 Email vs. SMS for

More information

Soonr Workplace Enterprise Plan Overview

Soonr Workplace Enterprise Plan Overview This document is an overview of the features that are included in the Soonr Workplace Enterprise Plan. The Enterprise Plan is designed for the specific needs of IT departments in larger companies where

More information

Compiled By: Chris Presland v1.0. 29 th September. Revision History Phil Underwood v1.1

Compiled By: Chris Presland v1.0. 29 th September. Revision History Phil Underwood v1.1 Compiled By: Chris Presland v1.0 Date 29 th September Revision History Phil Underwood v1.1 This document describes how to integrate Checkpoint VPN with SecurEnvoy twofactor Authentication solution called

More information

External authentication with Fortinet Fortigate UTM appliances Authenticating Users Using SecurAccess Server by SecurEnvoy

External authentication with Fortinet Fortigate UTM appliances Authenticating Users Using SecurAccess Server by SecurEnvoy External authentication with Fortinet Fortigate UTM appliances Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 1210 Parkview Arlington

More information

Two-Factor Authentication over Mobile: Simplifying Security and Authentication

Two-Factor Authentication over Mobile: Simplifying Security and Authentication SAP Thought Leadership Paper SAP Mobile Services Two-Factor Authentication over Mobile: Simplifying Security and Authentication Controlling Fraud and Validating End Users Easily and Cost-Effectively Table

More information

Information Security

Information Security Information Security A staff guide to the University's Information Systems Security Policy Issued by the IT Security Group on behalf of the University. Information Systems Security Guidelines for Staff

More information

Microsoft Windows Intune: Cloud-based solution

Microsoft Windows Intune: Cloud-based solution Microsoft Windows Intune: Cloud-based solution So what exactly is Windows Intune? Windows Intune simplifies and helps businesses manage and secure PCs using Windows cloud services and Windows 7. Windows

More information

Chapter 15: Computer and Network Security

Chapter 15: Computer and Network Security Chapter 15: Computer and Network Security Complete CompTIA A+ Guide to PCs, 6e What is in a security policy Mobile device security methods and devices To perform operating system and data protection How

More information

Secure Access Portal. Getting Started Guide for using the Secure Access Portal. August 2011. Information Services

Secure Access Portal. Getting Started Guide for using the Secure Access Portal. August 2011. Information Services Secure Access Portal Getting Started Guide for using the Secure Access Portal Information Services 1. Introduction The Secure Access Portal enables the authority to provide simple but secure remote access

More information

Adding Stronger Authentication to your Portal and Cloud Apps

Adding Stronger Authentication to your Portal and Cloud Apps SOLUTION BRIEF Cyphercor Inc. Adding Stronger Authentication to your Portal and Cloud Apps Using the logintc April 2012 Adding Stronger Authentication to Portals Corporate and consumer portals, as well

More information

Why you need. McAfee. Multi Acess PARTNER SERVICES

Why you need. McAfee. Multi Acess PARTNER SERVICES Why you need McAfee Multi Acess PARTNER SERVICES McAfee Multi Access is an online security app that protects all types of devices. All at once. The simple monthly subscription covers up to five devices

More information

Authentication Solutions VERSATILE AND INNOVATIVE AUTHENTICATION SOLUTIONS TO SECURE AND ENABLE YOUR BUSINESS

Authentication Solutions VERSATILE AND INNOVATIVE AUTHENTICATION SOLUTIONS TO SECURE AND ENABLE YOUR BUSINESS Authentication Solutions VERSATILE AND INNOVATIVE AUTHENTICATION SOLUTIONS TO SECURE AND ENABLE YOUR BUSINESS SafeNet Strong Authentication and Transaction Verification Solutions The Upward Spiral of Cybercrime

More information

Hosted Desktop for Business

Hosted Desktop for Business Your complete guide to Hosted Desktop Hosted Desktop for Business 1 Doc V1.0 Jan 2014 Table of Contents Hosted Desk- 3 Hosted Desktops today... 4 What is a hosted desktop? 4 How does it work? 6 How easy

More information

How to reduce the cost and complexity of two factor authentication

How to reduce the cost and complexity of two factor authentication WHITEPAPER How to reduce the cost and complexity of two factor authentication Published September 2012 48% of small and medium sized businesses consistently cite technical complexity and cost of ownership

More information

The Cloud for Productivity and Mobility

The Cloud for Productivity and Mobility The Cloud for Productivity and Mobility A Guide for Small and Midsize Business As mobile work becomes the norm, turn to cloud-based solutions to extend productivity, collaboration, and business management

More information

Modern two-factor authentication: Easy. Affordable. Secure.

Modern two-factor authentication: Easy. Affordable. Secure. Modern two-factor authentication: Easy. Affordable. Secure. www.duosecurity.com Your systems and users are under attack like never before The last few years have seen an unprecedented number of attacks

More information

How can I protect against the loss of my ID if my device is lost or stolen?

How can I protect against the loss of my ID if my device is lost or stolen? How can I protect against the loss of my if my device is lost or stolen? If your mobile device is stolen or lost, you can reactivate your user on a new device and deactivate it on your stolen or lost device.

More information

External authentication with Astaro AG Astaro Security Gateway UTM appliances Authenticating Users Using SecurAccess Server by SecurEnvoy

External authentication with Astaro AG Astaro Security Gateway UTM appliances Authenticating Users Using SecurAccess Server by SecurEnvoy External authentication with Astaro AG Astaro Security Gateway UTM appliances Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010

More information

Protecting your Data, Devices, and Digital Life in a BYOD World: A Security Primer GLENDA ROTVOLD AND SANDY BRAATHEN NBEA APRIL 2, 2015

Protecting your Data, Devices, and Digital Life in a BYOD World: A Security Primer GLENDA ROTVOLD AND SANDY BRAATHEN NBEA APRIL 2, 2015 Protecting your Data, Devices, and Digital Life in a BYOD World: A Security Primer GLENDA ROTVOLD AND SANDY BRAATHEN NBEA APRIL 2, 2015 What are You Trying to Protect? If someone got into your email, what

More information

The Hidden Costs and Risks of DIY Two Factor Authentication

The Hidden Costs and Risks of DIY Two Factor Authentication The Hidden Costs and Risks of DIY Two Factor Authentication Foreword Dave Abraham examines the real costs involved in implementing and managing two factor authentication (2FA) in-house. Dave Abraham is

More information

The Key to Secure Online Financial Transactions

The Key to Secure Online Financial Transactions Transaction Security The Key to Secure Online Financial Transactions Transferring money, shopping, or paying debts online is no longer a novelty. These days, it s just one of many daily occurrences on

More information

Cloud Backup and Recovery for Endpoint Devices

Cloud Backup and Recovery for Endpoint Devices Cloud Backup and Recovery for Endpoint Devices Executive Summary Armed with their own devices and faster wireless speeds, your employees are looking to access corporate data on the move. They are creating,

More information

MobilePASS+ for Android. User Guide

MobilePASS+ for Android. User Guide MobilePASS+ for Android User Guide All information herein is either public information or is the property of and owned solely by Gemalto NV. and/or its subsidiaries who shall have and keep the sole right

More information

Building an Effective Mobile Device Management Strategy for a User-centric Mobile Enterprise

Building an Effective Mobile Device Management Strategy for a User-centric Mobile Enterprise Building an Effective Mobile Device Management Strategy for a User-centric Mobile Enterprise Jan Wiewiora White Paper Introduction Users are increasingly relying on smartphones and tablets for work. Recent

More information

Backing up your digital image collection provides it with essential protection.

Backing up your digital image collection provides it with essential protection. Backing up your digital image collection provides it with essential protection. In this chapter, you ll learn more about your options for creating a reliable backup of your entire digital image library.

More information

Whitepaper on AuthShield Two Factor Authentication with ERP Applications

Whitepaper on AuthShield Two Factor Authentication with ERP Applications Whitepaper on AuthShield Two Factor Authentication with ERP Applications By INNEFU Labs Pvt. Ltd Table of Contents 1. Overview... 3 2. Threats to account passwords... 4 2.1 Social Engineering or Password

More information

HOTPin Integration Guide: Microsoft Office 365 with Active Directory Federated Services

HOTPin Integration Guide: Microsoft Office 365 with Active Directory Federated Services HOTPin Integration Guide: Microsoft Office 365 with Active Directory Federated Services Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided

More information

Multi-Factor Authentication for first time users

Multi-Factor Authentication for first time users Multi-Factor Authentication for first time users **Multi-Factor Authentication will be required for all Duke University accounts on July 1 st, 2016.** What is Multi-Factor Authentication (MFA)?? Multi-factor

More information

PortWise Access Management Suite

PortWise Access Management Suite Create secure virtual access for your employees, partners and customers from any location and any device. With todays global and homogenous economy, the accuracy and responsiveness of an organization s

More information

A brief on Two-Factor Authentication

A brief on Two-Factor Authentication Application Note A brief on Two-Factor Authentication Summary This document provides a technology brief on two-factor authentication and how it is used on Netgear SSL312, VPN Firewall, and other UTM products.

More information

Welcome Guide. SafeNet Authentication Service. MP-1 Token for Mac OS X. SafeNet Authentication Service: Welcome Guide. MP-1 Token for Mac OS X

Welcome Guide. SafeNet Authentication Service. MP-1 Token for Mac OS X. SafeNet Authentication Service: Welcome Guide. MP-1 Token for Mac OS X SafeNet Authentication Service Welcome Guide 1 Document Information Document Part Number 007-012414-002, Rev. B Release Date February 2015 Trademarks All intellectual property is protected by copyright.

More information

Enhancing Organizational Security Through the Use of Virtual Smart Cards

Enhancing Organizational Security Through the Use of Virtual Smart Cards Enhancing Organizational Security Through the Use of Virtual Smart Cards Today s organizations, both large and small, are faced with the challenging task of securing a seemingly borderless domain of company

More information

White Paper. McAfee Cloud Single Sign On Reviewer s Guide

White Paper. McAfee Cloud Single Sign On Reviewer s Guide White Paper McAfee Cloud Single Sign On Reviewer s Guide Table of Contents Introducing McAfee Cloud Single Sign On 3 Use Cases 3 Key Features 3 Provisioning and De-Provisioning 4 Single Sign On and Authentication

More information

Did you know your security solution can help with PCI compliance too?

Did you know your security solution can help with PCI compliance too? Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment

More information

Two-factor Authentication

Two-factor Authentication Enter only a Prove Identity Two-factor Authentication EXECUTIVE HANDBOOK 2FA With Fingerprint? PIN? Passcode? www.secsign.com INDEX 1 2 3 4 5 6 7 8 9 Data Security Breaches Overview 2014-15 Page 3 How

More information

Where are Organizations Today? The Cloud. The Current and Future State of IT When, Where, and How To Leverage the Cloud. The Cloud and the Players

Where are Organizations Today? The Cloud. The Current and Future State of IT When, Where, and How To Leverage the Cloud. The Cloud and the Players The Current and Future State of IT When, Where, and How To Leverage the The and the Players Software as a Service Citrix VMWare Google SalesForce.com Created and Presented by: Rand Morimoto, Ph.D., MCITP,

More information

MCBDirect Corporate Logging on using a Soft Token

MCBDirect Corporate Logging on using a Soft Token MCBDirect Corporate Logging on using a Soft Token Document issue: 2.1 Date of issue: September 2014 Contents About Soft Token authentication... 3 Logging onto MCBDirect Corporate online banking... 4 Soft

More information

Token Guide. SafeNet Authentication Service. SafeNet OTP Hardware Tokens. Token Guide: SafeNet Authentication Service, Version 3.4

Token Guide. SafeNet Authentication Service. SafeNet OTP Hardware Tokens. Token Guide: SafeNet Authentication Service, Version 3.4 SafeNet Authentication Service Token Guide 1 Document Information Document Part Number 007-012477-001, Rev. E Release Date February 2015 Trademarks All intellectual property is protected by copyright.

More information

Multi-factor authentication

Multi-factor authentication CYBER SECURITY OPERATIONS CENTRE (UPDATED) 201 (U) LEGAL NOTICE: THIS PUBLICATION HAS BEEN PRODUCED BY THE DEFENCE SIGNALS DIRECTORATE (DSD), ALSO KNOWN AS THE AUSTRALIAN SIGNALS DIRECTORATE (ASD). ALL

More information

EBA STRONG AUTHENTICATION REQUIREMENTS

EBA STRONG AUTHENTICATION REQUIREMENTS EBA STRONG AUTHENTICATION REQUIREMENTS FOR INTERNET PAYMENTS IN EU TO BE IMPLEMENTED BY AUGUST 1 ST 2015 LEGAL WHITEPAPER What are the strong authentication requirements under EBA Guidelines which European

More information

Secondary School 1/04/2015. ICT Service Specification by: Andrea Warburton ONE IT SERVICES AND SOLUTIONS

Secondary School 1/04/2015. ICT Service Specification by: Andrea Warburton ONE IT SERVICES AND SOLUTIONS 1/04/2015 Secondary School ICT Service Specification by: 1 Andrea Warburton ONE IT SERVICES AND SOLUTIONS SERVICE SPECIFICATION One IT Services and Solutions offer a one stop shop ICT support service,

More information

Best Practices for Enterprise Mobile Printing

Best Practices for Enterprise Mobile Printing Micro Focus iprint Best Practices for Enterprise Mobile Printing Mobility is changing the way people do everything. Today s workers are constantly on the move and armed with apps often unsanctioned by

More information

PULSE SECURE FOR GOOGLE ANDROID

PULSE SECURE FOR GOOGLE ANDROID DATASHEET PULSE SECURE FOR GOOGLE ANDROID Product Overview In addition to enabling network and resource access for corporate managed mobile devices, many enterprises are implementing a Bring Your Own Device

More information

Department of Veterans Affairs Two-Factor Authentication MobilePASS Quick Start Guide November 18, 2015

Department of Veterans Affairs Two-Factor Authentication MobilePASS Quick Start Guide November 18, 2015 Department of Veterans Affairs Two-Factor Authentication Quick Start Guide November 18, 2015 Introduction: This guide provides instructions for installation of the soft token on your non-piv enabled or

More information

NETWORK AND INTERNET SECURITY POLICY STATEMENT

NETWORK AND INTERNET SECURITY POLICY STATEMENT TADCASTER GRAMMAR SCHOOL Toulston, Tadcaster, North Yorkshire. LS24 9NB NETWORK AND INTERNET SECURITY POLICY STATEMENT Written by Steve South November 2003 Discussed with ICT Strategy Group January 2004

More information

Allianz Global Investors Remote Access Guide

Allianz Global Investors Remote Access Guide Allianz Global Investors Remote Access Guide Web Address: http://remote.allianzgi-us.com/ Page 1 of 34 pages Please contact the Service Desk at Table of Contents 1. Introduction to the Remote Access Page

More information

Security Awareness. ITS Security Training. Fall 2015

Security Awareness. ITS Security Training. Fall 2015 Security Awareness ITS Security Training Fall 2015 Why am I here? Isn t security an IT problem? Technology can address only a fraction of security risks. You are a primary target, or rather, your data

More information

Internet threats: steps to security for your small business

Internet threats: steps to security for your small business Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential

More information

EXECUTIVE SUMMARY Cloud Backup for Endpoint Devices

EXECUTIVE SUMMARY Cloud Backup for Endpoint Devices EXECUTIVE SUMMARY Cloud Backup for Endpoint Devices According to Gartner, by 2015 more than 60% of enterprises will have suffered material loss of sensitive corporate data via mobile devices. Armed with

More information

National Cyber Security Month 2015: Daily Security Awareness Tips

National Cyber Security Month 2015: Daily Security Awareness Tips National Cyber Security Month 2015: Daily Security Awareness Tips October 1 New Threats Are Constantly Being Developed. Protect Your Home Computer and Personal Devices by Automatically Installing OS Updates.

More information

2012 NCSA / Symantec. National Small Business Study

2012 NCSA / Symantec. National Small Business Study 2012 NCSA / Symantec National Small Business Study National Cyber Security Alliance Symantec JZ Analytics October 2012 Methodology and Sample Characteristics JZ Analytics was commissioned by the National

More information