Sunday, October 11, 2009

Two-Factor Authentication (2FA)


Two-Factor Authentication (2FA) is also known as Dual Factor Authentication (DFA).

When you think of all that happens online and you consider all that goes on in the ‘networked’ world, you can start to appreciate the tremendous need for strong security measures to protect online assets, data and communications.

Authentication is the cornerstone of any vigilant network security solution. And the authentication method used to protect the vast majority (90+%!) of networks (user names and passwords) is a 50-year-old solution designed when there were no networks, no Internet… in fact, next to no computers!

Passwords suffer from a number of weaknesses that make them an ineffective security measure for your network - they are easy to steal, easy to hack and hard to remember. The result is both reduced network security and increased help-desk costs for resetting passwords.

Solving the problem = Dual Factor Authentication (DFA)

Dual Factor Authentication (DFA), also known as Two-Factor Authentication (2FA), is directly analogous to the way one ‘authenticates’ to a Banking Machine – you use something only you have (your unique bank card) and something only you know (your secret PIN) to identify yourself to the system.

It is very similar in the networked world: the ‘something only you have’ is a password-generating authenticator or token. The ‘something only you know’ is, again, a secret PIN.

Token = One-Time Passwords

Your token is your key to the network – it generates a new password every time you log on. Your PIN validates that you are the rightful owner of the token. You can choose from several varieties of tokens, all of which do the same thing: they generate a new secure, random ‘One-Time Password’ for every logon. Anyone key-logging or shoulder surfing your password will have a worthless string of letters and numbers, as the password will work once and only once. At the next logon, a new random One-Time Password is generated.

This secure method of dual factor authentication (DFA) does what static passwords cannot: it gives you the confidence and peace of mind that a user logging on to the network really is who he or she claims to be, and not someone just using a stolen, lost or shared password.

We are a leader and innovator in Dual Factor Authentication (DFA) and Two-Factor Authentication (2FA) with our multi-award-winning server and managed-services-based solutions.


Most two-factor systems rely on a password or PIN and something else, but that "something else" varies widely. In some cases, the "something else" is your computer. The system takes a hardware and software snapshot of your computer configuration and uses that information to identify you. This approach has the advantage of being as simple as using a password. The disadvantages are that the system has to go snooping around in your computer to identify you, and this setup ties your "identity" to a single computer.

Windows' authentication architecture makes it easy to add new forms of authentication. Windows uses a DLL called Graphical Identification and Authentication (GINA) to connect the authentication method to the Windows authentication system. It's easy to write alternate DLLs for GINA that use any authentication method the software designer wants.


