Simple meets secure: Single sign-on plus two-factor authentication.
Many companies and organizations now store files and applications in the cloud. This has many advantages. Users have everything they need to work at their fingertips, regardless of time and place—perfect in pandemic home offices or when implementing new work concepts with flexible working models. On the other hand, where a lot of work is done in the cloud, a multitude of passwords are needed to maintain organizational compliance. This is a challenge for users, who sometimes lose track of the password jungle.
Secure single sign-on (SSO) is a proven way to make things easy for users and also reduce the burden on IT departments. With SSO authentication, users log in once with an ID card or even their smartphone, and they have access to all the relevant files, applications and networks they need. We covered this in detail in a blog post. However, there are also companies with increased security requirements. In this case, it is advisable to add another level to the authentication process—or even several.
Simplicity and security in one.
Single sign-on has a wealth of advantages. The high level of user convenience is certainly the biggest asset. No one has to remember complicated passwords anymore, and the frustration of entering the wrong one several times is a thing of the past. However, a certain residual risk remains—especially in applications with highly sensitive data. SSO systems are an attractive target for hackers, which is why extra protection is important. Here, it makes sense to introduce a second level of security using two-factor authentication (2FA) or—if it needs to be even more secure—multifactor authentication. The principle of 2FA is now well established, and it is already used by many online providers. The procedure is already mandatory in many countries for online banking and payment services, and Google also requires its users to provide two-step proof of identity before access to services and files is granted.
One principle, many implementation possibilities.
Two-stage or multi-stage authentication exists in many variants. Formulated as an abstract principle, it consists of the first factor, "knowledge" (usually a password), and the second factor, "biometrics" (e.g., fingerprint or palm vein) or "possession" (e.g., smartphone). This two-tier or multi-level approach makes it more difficult for unauthorized third parties to access highly sensitive data and applications. Because even if it is possible to overcome the first hurdle, there is still at least a second one. This not only complicates access for fraudulent users but also significantly prolongs the sign-on attempt. Not good for attempted hackers, who—in order to remain undetected—have to act as quickly as possible. Thus, by combining several aspects, the data is even better protected against compromise.
A combination of password and one-time code (e.g., TAN, transaction number) is often used for two-factor authentication. The latter is generated automatically and then sent to a second end device, such as the smartphone, in SMS form. Only after this code has been entered is the identity check successfully completed. Biometric methods are also used—for example, fingerprints, facial recognition or vein scanners. Fingerprints have been used very intensively in recent years, especially in connection with smartphones. Another alternative is offered by hardware-based form factors: e.g., special USB sticks and, in particular, FIDO2 sticks (also tokens). These complement the hardware factors that have been familiar for many years, such as chip cards and RFID cards.
The right 2FA solution for every requirement.
As in all business processes, the goal in introducing two-factor authentication is to keep the effort for your company low and enable centralized management. You can find out how this is possible and which options are best for you in an in-depth consultation with us. For 2FA implementation, ELATEC successfully collaborates with experienced partners, such as idVation, Ones Technology or IDService. As a result, we are able to offer a technologically broad spectrum of 2FA solutions that can be adapted exactly to your needs. For example, this could be a combination of an RFID card system plus a palm vein scanner. Or smartphone authentication with the additional biometric feature of a fingerprint. Of course, our portfolio also includes solutions with the innovative FIDO2 standard for secure authentication.
THE ELATEC NEWSLETTER Your authentication update
As a frequent reader, you will always be up to date with the latest information on the topic of authentication, know the current trends and receive valuable tips. By signing up to our newsletter, we will make sure you won't miss any new blog articles ever again. And on top, you get even more exciting news on our products, events and industry trends.