Solved

Secure Token-two factor Authentication

Posted on 2013-11-26
2
171 Views
Last Modified: 2015-08-17
Hello,

I was wondering if anyone out there is using a token to replace the username/password domain authentication process for internal users to access network resources?  If so, can you recommend a provider?  How difficult was the move? What is the second authentication factor either password or challenged response, etc.
Thank you,
Christine
0
Comment
Question by:christine_allen
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 500 total points
ID: 39680471
First: http://www.experts-exchange.com/Security/Misc/A_12368-Two-Factor-Authentication-Added-layers-are-not-always-added-security.html
Second you can try the yubikey products, they are cheaper than many and very goo.

2FA doesn't work at the lower levels of the network, read my article for more information.
-rich
0
 
LVL 64

Expert Comment

by:btan
ID: 39680524
2FA simply means more than what we know and to incorporate either what we have (separate device like phone, OTP generator or smartcard) OR/AND what we are (biometric primarily). Most common is to have "what we have"

OTP - can be software or hardware authenticator. common one is securID. you need an authenticator server provision though so that this one time password is sync when you keyed in. See this comparison for summary
https://store.emc.com/Product-Family/EMC-Store-Products/c/EMCStoreProducts/layout?layoutType=false&page=0&grid=true&q=:relevance:ProductFamily:RSA%20SecurID%20Products&PID=EMC_PRD-RSASIDSAM-D99E_SPLSH


Phone based

- There is one called PhoneFactor that allows a server to communicate a one-time additional code with the user’s mobile phone at the time of access. It is now under Microsoft suite and support Azure Cloud (Amazon Cloud has MFA and using smartcard or token if I recalled correctly, is gemalto)
https://www.phonefactor.com/solutions.shtml
Some example using include https://2factor.musc.edu/2fa/

- And even google has apps for mobile called the authenticator
https://code.google.com/p/google-authenticator/

We do try to avoid going too complex with PKI and lesser footprint but at the same time able to scale and stay flexible. Hence smartcard wasnt always the liking though it is more secure compared to simple OTP...of course if machine has keylogger or browser MITM, the PIN and OTP can easily be siphoned ...
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of you may be aware of the recent Google Docs scam emails that have been floating around coming from various people that you know. Here's a guide on identifying How To Identify the Scam Email You will see an email from someone you’ve had co…
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

689 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question