Everyone knows them, everyone hates them: username and password for the standard login. They are a problem for both users and security experts. Does two-factor authentication with mTAN offer more security? Or are there safer and more user-friendly solutions?
The username - usually the email address or
name - is easy to remember. But it is also easy to find out for anyone who wants
to. The password is a different matter: who can remember
umpteen different passwords of the type "Tsos_vS & G_v1966imL"? So
it is not surprising that, except for a few paranoids, most users choose a
simple password and use it several times. A horror for every
security officer.
Against Better Knowledge: Multiple Uses of Passwords
Passwords are a problem - end users and
security experts agree. Most users realize that passwords should never be
used twice. Nevertheless, for the sake of convenience, they use the same
password several times. However, passwords can be easily guessed, obtained
through brute-forcing, or stolen, e.g. through social engineering.
Cybercriminals don't have a hard time.
Alleged Security
In many cases, passwords only provide
"perceived" security, not actual security. Did you know that
· 90 percent of all passwords can be cracked in less than six hours;
· two-thirds of all users use a single password for different web services?
Passwords suggest security but do not
guarantee it. There is no doubt that they provide little security as an
authentication method. Banks have long accepted this and started protecting
access with a second factor early on. For example, they use the mTAN procedure, in which the token is sent directly to the customer's cell phone via
SMS. What has become standard in the banking environment is now also
increasingly used in the normal IT environment.
Two-Factor Authentication: Useful or Not?
In recent years, more and more web
portal operators have been offering end users the option of two-factor
authentication (2FA). As with the mTAN procedure, these solutions are
often limited to the use of one-time passwords that are transmitted via SMS. However,
SMS was never intended for confidential communication, and certainly not for
sending authentication data. It is therefore not surprising that it has
now been proven that SMS as a second factor is unsafe. The reason for
this: the cellular network. The data is transmitted unencrypted. In
theory, nobody has access to it. In practice, the SS7 standard used in
cellular networks contains several security gaps. Tools to exploit these
loopholes are freely available on the Internet.
Are There Alternatives?
Yes - two-factor authentication is now
available in numerous variants, such as Airlock 2FA or Cisco Duo. Some
add an additional factor to the previously entered password. Others completely
replace the previous password-based login with a direct combination of two
factors. The factors must come from different categories among the
following:
KNOWLEDGE: Something only you know, such as a
password, a PIN, or answers to secret security questions.
OWNERSHIP: Something
only you have. A cell phone, a key, or a card, for example.
BEING: Something
that only you are, i.e. biometric data, such as fingerprint, voice
pattern, or iris scans.
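The rule that the two factors must come from different categories can be checked mechanically. The following is an added example, not code from Airlock, Cisco Duo, or the original article; the method names and the `evaluate_login` function are hypothetical, and SMS one-time codes are flagged as weak because the article describes them as unsafe.

```python
from enum import Enum

class Category(Enum):
    KNOWLEDGE = "knowledge"
    OWNERSHIP = "ownership"
    BEING = "being"

# Hypothetical method names, mapped to the three categories listed above.
METHOD_CATEGORY = {
    "password": Category.KNOWLEDGE,
    "pin": Category.KNOWLEDGE,
    "security_question": Category.KNOWLEDGE,
    "sms_otp": Category.OWNERSHIP,
    "hardware_key": Category.OWNERSHIP,
    "smart_card": Category.OWNERSHIP,
    "fingerprint": Category.BEING,
    "voice_pattern": Category.BEING,
    "iris_scan": Category.BEING,
}

# Assumption taken from the article: SMS is unsafe as a second factor.
WEAK_METHODS = {"sms_otp"}

def evaluate_login(verified_methods):
    """Return (is_2fa, categories, warnings) for the methods a user passed."""
    unknown = [m for m in verified_methods if m not in METHOD_CATEGORY]
    if unknown:
        raise ValueError(f"unclassified methods: {unknown}")
    categories = {METHOD_CATEGORY[m] for m in verified_methods}
    warnings = []
    # Two checks from the same category (password + security question)
    # are still a single factor.
    if len(set(verified_methods)) >= 2 and len(categories) < 2:
        warnings.append("multiple methods but one category: not two-factor")
    # Count the categories that remain if weak methods are ignored.
    strong = {METHOD_CATEGORY[m] for m in verified_methods
              if m not in WEAK_METHODS}
    if len(categories) >= 2 and len(strong) < 2:
        warnings.append("second category relies on SMS: plan a replacement")
    return len(categories) >= 2, categories, warnings

if __name__ == "__main__":
    # Constructed sample logins.
    for attempt in (["password", "security_question"],
                    ["password", "sms_otp"],
                    ["password", "hardware_key"]):
        print(attempt, evaluate_login(attempt))
```
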
Security and Business Opportunity at The Same Time
The greatest advantage of 2FA is that neither theft nor unauthorized copying of access data allows access to the system. Cybercriminals also need to have the second factor to get in. 2FA thus builds another hurdle into common login processes, which ideally are already secured with strong passwords. A modern and integrated 2FA solution is also a great opportunity for a company to achieve a high level of customer orientation and enable simple interactions with customers.
Decision Criteria for 2FA Solutions
The different technical variants all
have their advantages and disadvantages. Nevertheless, 2FA remains one of
the best methods for securing internal and external access to corporate, cloud, and web services and applications. However, in addition to the costs of
implementation and operation, the user-friendliness of the solution used often
decides whether it will find the necessary acceptance. Many companies do
not use two-factor authentication in practice. “Too complicated, too
expensive,” is the argument. These reasons for rejection no longer apply to
modern, dynamic, and risk-based 2FA solutions such as Airlock 2FA or Cisco Duo. Both
combine maximum security with a high level of comfort. The users benefit
from
· useful self-services and
· self-registration around the clock.
They enable providers to integrate
quickly into existing environments. In this way, for example, the mTAN
solutions (code via SMS) that have come under pressure in security circles can
be replaced cost-effectively with minimal effort.
Airlock 2FA - Strong Authentication for Web-Based Applications and Portals
Airlock 2FA is a Swiss authentication solution that is fully integrated into Airlock's Customer Identity & Access
Management (cIAM) and thus benefits from the wide range of functions and
simplified processes. The Swiss cloud solution also requires little
support effort and is predestined to protect web-based customer portals with a second factor, such as e-banking, insurance or supplier portals, and banking
applications.
Cisco Duo - Home Office, but Safe
Cisco Duo is an authentication solution that helps organizations implement a complete zero-trust security model. The solution offers everything to ensure secure access to employee portals or the home office. It not only checks the identity of the user, but also the “health status” of the device used. With Cisco Duo, IT managers have a status overview of the security status of the users' end-devices at all times and can adjust the access requirements at the device level before access is released.
The solution offers a secure connection to all applications via a uniform user
interface - whether local or cloud-based. Also, Duo can be
integrated as an additional protection level to existing third-party products. This
includes remote access gateways, VPNs, VDIs, and proxies from manufacturers such
as Cisco, Check Point, F5, and many more.
Also, include internet security like total security software in your IT security policy.