Website Two-Way Authentication

Teavana
Teavana used Ask the Experts™
on
Hi Experts,

I am looking for a two-way authentication procedure in the attempt to protect one of our public facing website.

I would like to implement some type of two way authentication to add an additional layer of protect.


I am thing of the end users getting an email notification or some type of verification method.

Any thought or recommendations?

Thank you
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Software Engineer
Distinguished Expert 2018
Commented:
Why not use SSL and enforce the use of Client Certificates?
mail can be read by adversaries esp. when on line (Mail is not encrypted normally).
SMS might be considered 2FA... (2 Factor Authentication is not exactly 2 Way authentication).

Two way:
Party A   <-------> Party B                         === Both parties show credentials to authenticate...

Two Factor:
Party A  --------> Party B factor 1 (password)  triggers sending of SMS
Party A  --------> Party B factor 2 (SMS code received).

Author

Commented:
Thank you for responding, I appreciate it.

I am protecting this site in question with an SSL cert but I was just thinking of adding an extra layer of protection to be safe.

Author

Commented:
I also stand corrected,  I meant two factor authentication not two way authentication, sorry.

Author

Commented:
Thank you

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial