Blog

What you need to know about Multi-Factor Authentication

What you need to know about Multi-Factor Authentication

What is multi-factor authentication and why do I need it?

Multi-factor authentication (MFA) is an additional layer of security that protects against unauthorised access to sensitive information.

One of the most well-known uses of MFA is something you might do often; withdraw cash from an ATM.  Your card is a physical identifier, and together with your PIN code, provide a secure but easy way of accessing your account.  This method is called two-factor authentication (2FA).

As the cyber threat continues to grow, the financial services sector will need to use MFA across even more areas.  Intsights said in a recently published report that 25% of all malware attacks hit banks and other financial services organizations, more than any other industry.

Organisations are increasingly making MFA necessary for partner access.  In fact, Microsoft has recently confirmed they will introduce mandatory MFA for its Cloud Solution Provider (CSP).  If partners do not enforce MFA, they cannot transact in the Cloud Solution Provider program, or manage customer tenants leveraging delegated admin rights.  More details can be found in the official Microsoft documentation here

We look at 4 MFA authenticator applications, Google Authenticator, Duo, Microsoft Authenticator and Watchguard AuthPoint, to see what they offer.

 

Google Authenticator (free)

Google Authenticator is a mobile security application which uses two-factor authentication (2FA) to identify users who need access to various services.  The knowledge factors used in the 2FA verification process are:

  • Something the user knows (usually a username or password)
  • Something the user has (usually a physical device such as a mobile phone)
  • Something the user is (such as a fingerprint or iris pattern)

When Google Authenticator is enforced, the user types in their username and password.  The next step involves entering a one-time passcode (OTP), triggered by the previous step, that the user gets from their mobile device.  Together, they confirm whether the user is allowed to access the account. 

Google Authenticator has been thought of as the standard for 2FA for years, but competitors such as Duo and Saaspass are gaining attention as worthwhile alternatives.  Improved support, frequent updates and other advanced features make the paid options worth exploring.

    

Duo (free and paid options)

The main selling point of Duo is its focus on user experience.  Their wide variety of authentication methods make it easy for users to quickly log on securely.

They also support Universal 2nd Factor (U2F) security tokens, hardware tokens, mobile passcodes, SMS, phone call back and biometrics like Touch ID. 

Other useful features include:

  • Self-service management allowing users to easily manage their own devices during login
  • Regular security patches and features
  • Duo Help Desk Push enables admins and help desk staff to verify end-user identities with Duo Push
  • Automatic enrolment options for ease of user provisioning for larger organizations

The finance sector can particularly benefit from Duo’s features with a range of methods to help meet compliance and audit requirements.  It protects hybrid environments, remote-access VPNs and single sign-on.

Remote employees such as financial planners are also supported. Automated enrolment options create smoother deployments at scale and reduce help desk tickets.

Duo offers a free version for up to 10 users, and 3 other tiers ranging in price and features.  

  

Saaspass (paid and free trial)

‘Move Beyond Passwords with The Only Full-Stack Identity & Access Management Solution’.  This is the selling point Saaspass boldly states on their website homepage. 

Saaspass wants to move away from the need to use passwords every time you login.  It significantly improves ease of use by eliminating the manual typing of passwords and resources involved with password complexity rules and resets.

Trusted by Nasa, Visa and Boeing, Saaspass effectively allows you to replace ID cards, single sign-on products and password managers with a single, easy-to-use solution.

Other benefits of Saaspass include:

  • Authenticate to cloud-based and on-premise apps securely and seamlessly
  • Eliminate the costs and risks of purchasing and managing security tokens and hardware
  • Login to your Mac or PC instantly, with full MFA, even when offline  
  • Control and instantaneously manage network access by employees and partners

 

WatchGuard AuthPoint (30-day free trial)

AuthPoint uses the AuthPoint App to implement MFA.  Like Saaspass, it uses the power of push or a QR code to create a more convenient and secure approach over one-time passwords (OTPs).  Users can accept or reject a push notification without the need to recall and enter a numeric code.

As with Saaspass, you can still use the AuthPoint app by reading the QR code presented on screen.  Only the user with the right AuthPoint app can read it and access protected resources.

Other useful features of AuthPoint include:

  • Availability in 11 languages
  • Ability to store additional authenticators, such as for Google Authenticator
  • Multi-Token support
  • Windows and MacOS Secure Login

 

Conclusion

As the cyber threat continues to grow, enforcing MFA is no longer becoming optional for many organisations.  With Microsoft enforcing MFA for all users in partner tenants, many others are likely to follow.     

Overall, if you have no MFA for protecting sensitive information, free options such as Google Authenticator and the free version of Duo are adequate.  If, however, you are looking for advanced features and better support, the paid options offered by Duo, Saaspass and WatchGuard AuthPoint are worth exploring.

Are you ready to find the right security solutions for your business?  Total Group provides a range of WatchGuard solutions, from firewalls to AuthPoint MFA. Contact our experts today and we’ll help your business transform.   

To enable comments sign up for a Disqus account and enter your Disqus shortname in the Articulate node settings.

© 2019 - Total Group International Ltd