Two Factor Authentication

The Challenge

Virtually all enterprise organizations do business online and keep sensitive data on networks accessible from end-user devices. However, as witnessed by the many publicized breaches that have occurred in the recent past, not all enterprises have been successful in protecting against such attacks.

Remote access to network resources, including VPNs and web sites, are often protected only with simple user name and password credentials. This allows a determined hacker to gain access to these resources relatively easily. Further, weak internal security renders both wired and wireless LANs vulnerable as we are seeing more attacks from within the perimeter.

These trends have given rise to increasing mandates all around the world to comply with security standards for assurance of networks, applications and data. The common denominator for securing user authentication is the addition of a second factor for validation of the user’s identity; hence the term “two factor authentication” (2FA). Generally, in 2FA, the first factor is something you know, for example, your password. Typically, the second factor is something you have. That something is the security token.

NAN’s 2FA solutions are cost-effective, highly secure and easy to administer and use. Our solutions help organizations comply with SOX, PCI, HIPPA and other regulatory requirements that implicitly or explicitly require two-factor authentication. Organizations can chose the specific type of security solution depending on the risk associated with various types of transactions, and budgetary constraints, while providing reliable evidence of all network related user and administrative activities required for passing compliance audits.

Security Token Options:

  • Hardware Device – time-based one-time password
    – Server Side Activation
    – Client certification-based authentication
  • Mobile – Software implemented on SmartPhone

A security token is used as part of a system to prove one’s identity electronically as a prerequisite for accessing network resources. There are many types of hardware and software based tokens, sometimes referred to as dongles, key fobs, authentication tokens, USB tokens and cryptographic tokens. The use of a security token as the second factor by the end-user solves the problems of using only static passwords.

Token authentication solutions all require a client and server component. The client component is the Security Token itself; the server component is the Authentication Server (also called Validation Server). The two components share secret keys that are related to each other and used to independently perform cryptographic operations such that the outputs can be compared for validation purposes.