What makes a two-factor authentication solution convenient for an enterprise, and which products should companies consider implementing? In this article, we will cover the 7 most suitable data protection tools offered by well-known two-factor authentication service providers.
A standard procedure for getting access to a network account consists of entering login details: a login and password. This is single-factor authentication. Two-factor authentication (2FA) is an additional data protection measure that adds an extra step to the common log-in procedure. Whereas single-factor authentication requires users to enter a login and password (something they know) to get access to data, 2FA may require entering a one-time password received on a personal mobile device (something users have) or an inherence confirmation, e.g. biometrics (something users are).
Two-factor authentication solutions allow companies to better protect their data and prevent unauthorized access to it. However, the set of features and characteristics of each tool can differ greatly from vendor to vendor.
SecurAccess is a tokenless two-factor authentication system developed by SecurEnvoy specifically for user identification that involves remote access. This solution will be especially useful for companies that manage remote teams. Small and medium enterprises can take advantage of SecurAccess, as can large corporations, since its deployment can scale up to 100,000 users per hour.
SecurEnvoy’s product can send passcodes to any mobile phone without SMS delivery delays. It allows companies to extend their list of users to include both third parties and consumers in addition to their own employees. Therefore, if your company has to provide its partners with access to corporate business resources, SecurAccess would be a convenient solution.
SecurEnvoy’s tokenless authentication brings various benefits to companies that strive to save budget on 2FA solution deployment and helpdesk administration. With SecurAccess, they can avoid expenses on token deployment or replacement as well as reduce helpdesk administration costs, since their users won’t face token resynchronisation or PIN resets.
The solution will cost you about $1,650 annually for more than fifty users.
- Sending out passcodes via SMS, VoIP phone calls, or email;
- Unlimited number of supported LDAP servers;
- Supporting all popular web SMS gateway services, such as Vfirst, T-Mobile, aql, and HSL;
- Overwriting passcodes (automatically replacing old passcodes with new ones);
- An In Case of Emergency feature that sends notifications to privileged users if some nonstandard situation causes an access denial;
- Integration with various servers, such as Microsoft’s Adam, Fedora, eDirectory, Sun Directory Server, and AD.
OKTA ADAPTIVE MFA
Okta Adaptive MFA is a multifactor authentication (MFA) tool based on a single sign-on (SSO) principle. This solution is especially convenient for those companies that need to adopt cloud-based security.
The main advantage of Okta Adaptive MFA is that it can provide the right authentication factor in each particular situation. Administrators can set specific types of authentication factors for users depending on their position. To authenticate users, the solution can send out passcodes via SMS or push notifications, or use biometrics and software or hardware tokens.
Okta Adaptive MFA has a flexible reporting system. Admins can review suspicious activities, the number of users who have never signed into a corporate system, or the list of users with failed logins.
The implementation of this tool will cost you $3 per user monthly. For an additional $3 per user, companies can order the Advanced Policy package that supports IP zone functionalities and reputation as well as geolocation.
- Supporting both software and hardware tokens;
- Using biometrics as one of the authentication factors;
- Choosing particular authentication factors for particular user groups;
- Automated user account creation with Active Directory logins.
SecureAuth IdP is a tool that can be used for both single sign-on (SSO) and multifactor authentication. As a cloud-based solution, SecureAuth IdP is a suitable tool for medium and large enterprises that use a wide variety of SaaS services and strive to significantly increase their network security.
The solution gives companies high flexibility in setting authentication factors. A traditional login process implies entering both login and password at the first stage. However, SecureAuth IdP enables admins to set a custom order for requesting specific sensitive data.
The solution offers numerous 2FA options, such as smart cards, USB keys, biometrics, and one-time passwords delivered via a phone call, SMS, or email.
SecureAuth IdP will cost you at least $15 per user annually.
- Integration with SAML;
- Active-Directory integration;
- Supporting the Single Sign-On (SSO) technology;
- Authentication via biometrics;
- Complex reporting.
RSA is one of the best-known multifactor authentication providers. Its RSA Authentication Manager or SecurID suite is a 2FA tool for securely accessing applications regardless of whether they are installed on-premise or located in the cloud. SecurID has a wide set of software and hardware tokens that can be installed as supplementary authentication factors.
The RSA SecurID suite also includes the RSA Identity Governance and Lifecycle tool, which allows you to generate different types of reports and provides you with real-time access certification, provisioning, and monitoring.
SecurID supports all basic mobile operating platforms (Android, iOS, BlackBerry, and Windows Phone), and it can send out passcodes via SMS, push notifications, and email.
The implementation of SecurID suite will cost you from $1 to $6 per user, depending on the package.
- Sending out passcodes via SMS, email, and using hardware or software tokens;
- On-demand authentication via various protocols, such as RADIUS or Native RSA SecurID Protocol.
Symantec offers its Validation and ID Protection (VIP) service, a multifactor authentication tool which can use both smartphones and biometrics to make the login process more secure. When it comes to sending out passcodes to smartphones, Symantec VIP can use both voice calls and text messages. To provide access to network resources, Symantec VIP can also use a wide variety of hardware tokens or biometrics, such as fingerprints.
Symantec offers various add-ons that enhance the solution's capabilities. An additional risk-based analysis tool helps companies detect fraud by analyzing each user's authentication process. For example, if a user logs in from different locations simultaneously, the system raises an alert about the suspicious situation. VIP Enterprise Gateway, another add-on, ensures RADIUS and Active Directory integration as well as both local and VPN access to a company’s web servers based on Linux or Windows.
Symantec charges $0.25 for each passcode sent via voice call and $0.07 for each text message.
- Risk-based tokenless authentication;
- Authentication via fingerprint biometrics;
- Scheduled reports;
- RADIUS and Active Directory integration.
CA STRONG AUTHENTICATION
CA Technologies is one of the best-known multi- and 2-factor authentication vendors, offering network security solutions to large and medium-sized companies that seek tools capable of preventing identity theft. Their product adds extra authentication steps for various servers and services, such as Outlook, Salesforce, and Active Directory. It supports a wide range of software-based tokens, such as voice calls, text messages, mobile applications, and email messages. Their solution can be deployed on different platforms: a web app, desktop, iOS, Android, and Windows Phone.
CA Strong Authentication can easily integrate with the CA Identity Manager suite to ensure a higher level of security due to the special key protection technology patented by CA. The suite provides a full set of necessary administrative tools that allow companies to configure their policies, monitor user activity, and detect cyber attacks. CA Strong Authentication can report on user authentication attempts, risk assessments, and administration tracking details.
- Supporting many different credentials, such as passwords, knowledge-based authentication methods, hardware and software tokens;
- Eliminating the risk of stolen passwords since the solution stores no passwords;
- Enhanced reporting system;
- Integration with SAML and RADIUS;
- Supporting the Single Sign-On (SSO) technology;
- Availability as an on-premise solution and MSP-hosted or cloud service.
Vasco, a global vendor of IT security solutions, offers one of the best two-factor authentication solutions on the market. Its IDENTIKEY Authentication Server includes multi- and two-factor authentication tools and DIGIPASS tokens. Their 2FA tool focuses on protecting access to network resources, and it supports a wide range of token types, such as text messages, mobile apps, email messages, hardware tokens, QR codes, web clients, and Windows software. It also supports various authentication methods, such as RADIUS, Active Directory, SAML, Simple Object Access Protocol (SOAP), and a web code.
The main advantage of IDENTIKEY Authentication Server is its reporting capabilities. It provides more than thirty different report templates that can be downloaded in HTML, XML, or PDF format. The solution also provides many preset customizable policies that allow companies to set authentication for different user groups or for internal vs. external logins.
The standard package will cost companies from $333 per 5 users.
- Supporting hardware tokens;
- Reporting summaries on user history;
- Supporting web server and RADIUS environments;
- Active-Directory integration;
- Web-based administration interface.
The IT community realized long ago that traditional passwords could not ensure reliable security for important data because they can be easily compromised. 2FA delivers additional data protection measures that strengthen a company’s confidence in the safety of its information. All of the above-mentioned 2FA solutions support mobile tokens and provide flexible authentication methods. However, some of the vendors have taken a step further and tried to focus on risk-based methods too.
If your company uses numerous SaaS-based applications, then solutions such as SecureAuth IdP and Okta Adaptive MFA will be especially suitable. If your company often interoperates with third-party organizations and needs to provide them with limited access to network resources, then SecurAccess will be a wise choice. If you are considering mostly on-premise solutions, then SecurID and CA Strong Authentication are your best bets. If you appreciate both advanced reporting and fraud detection capabilities, then Vasco IDENTIKEY and Symantec VIP are worth considering.
Source: The Merkle