If you think that passwords for online profiles are effective at preventing security breaches, consider these two new statistics:
- The average person has 19 passwords
- Four in five people say they forget their passwords
To counter password forgetfulness, users often take steps that leave network administrators cringing. They may duplicate one password over multiple accounts. They could use birthdays or other numbers that can be easily guessed. Or they might write them down, sometimes in plain sight.
Actions like these make it that much easier for attackers to successfully breach a network, and indeed, many recent breaches share a common origin – an employee’s password that was copied, discovered or given away.
To counter this wave of password theft, an avalanche of popular sites and apps, including Google, Amazon, Facebook and now even Snapchat, have replaced one-dimensional passwords with a form of user login credentials that better protects sensitive information.
Enter two-factor authentication.
This approach combines two (or more) methods of credential authentication to identify each user unambiguously. The methods fall into three categories:
- Something Users Know: Password, PIN, one-time password (OTP), certificate
- Something Users Have: Token or calculator (with OTP), soft token, text message (with OTP), machine/hardware certificate, smartcard, trusted platform module (TPM)
- Something Users Are: Fingerprint, face recognition, iris recognition, keystroke dynamics
Network administrators have all these options at their disposal, and the idea is to pick at least one form of authentication from two of the lists. An administrator may even pick a factor from all three lists, or combine multiple items from each. With this additional protection, users gain the convenience of anywhere-anytime access without exposing the network to unauthorized interlopers.
Two-factor authentication is especially helpful for organizations that require VPN remote access for their employees, and it may even be mandatory in some industries, like healthcare or payments.
To learn more about how two-factor authentication enhances remote access, please see our on-demand webinar hosted by Julian Weinberger, CISSP and Director of Systems Engineering. Julian addresses key considerations when implementing two-factor authentication for VPN access, including:
- Current methods of user authentication, and the advantages and disadvantages of each
- How to add a layer of security by combining authentication methods
- What to look for in a two-factor authentication solution that balances robust network security with user-side and admin-side simplicity
- How to overcome common barriers to adoption
If the security of your network depends solely on a user password for VPN access, you could be leaving the doors wide open to your corporate secrets. Two-factor authentication is the answer.
To learn more, please watch our on-demand webinar, “Two-Factor Authentication for Tighter VPN Security,” at the top of this post, or here on YouTube.
Want to learn more about two-factor authentication? Download our whitepaper “Two-Factor Authentication for VPN Access” to find out more.
In “Two-Factor Authentication for VPN Access,” we cover:
- The methods of authentication
- Common authentication combinations
- Criteria for balancing security and simplicity