Lock and Key

Two Factor Authentication Virtual & Hardware MFA – Part II

In this second installment (see Two Factor Authentication & Password Managers – Part I ) on two factor or two step authentication I’ll explore in more depth both virtual and physical two factor authentication options you can start using today. In my Boston based IT consultancy practice I many questions from customers on the information security issues of the day. A most common issue I hear is about password security and even more frequently – two factor authentication. To explore this further, let’s first define what 2 Factor Authentication is:

Wikipedia defines two-factor authentication as:
Multi-factor authentication (also MFA, two-factor authentication, two-step verification, TFA, T-FA or 2FA) is an approach to authentication which requires the presentation of two or more of the three authentication factors: a knowledge factor (“something only the user knows”), a possession factor (“something only the user has”), and an inherence factor (“something only the user is”).

As an end user or even IT administrator you currently have a LOT of free and inexpensive options to deploy 2FA today. These exist both in software or virtual MFA and inexpensive physical hardware tokens. First lets explore the software options:

Virtual MFA Applications

Virtual MFA applications allow you to install a free or paid application on your smartphone, desktop or tablet that allows you to supply a second factor for authenticating you to any service. Examples are:

Google Authenticator

Google Authenticator is a virtual MFA that lets you set up Google 2-step authentication. The Authenticator provides a one time six digit password for you to use during login in any of the many supported services.
https://support.google.com/accounts/answer/1066447?hl=en

Supported Devices:
Android, Blackberry, iOS, dozens of other 3rd party implementations

Google authenticator works with a variety of services such as: Google, Amazon Amazon Web Services, Salesforce, WordPress and dozens more. Additionally there are many

Amazon AWS Virtual MFA

Amazon’s AWS Virtual MFA for Amazon’s cloud services. At this time it is available on Android platform only. Amazon AWS also support virtual MFA from Google Authenticator, Windows Authenticator on a variety of other platforms..
Amazon AWS Options

Supported Devices:
Windows, iOS, Android, etc.

Microsoft Authenticator

Microsoft’s virtual MFA for Windows Phone come in the form of Microsoft Authenticator. It works with Windows Azure to offer multi-factor authentication and several other Microsoft services.
http://www.windowsphone.com/en-us/store/app/authenticator/e7994dbc-2336-4950-91ba-ca22d653759b

Supported Devices:
Windows

Hardware MFA

Hardware based MFA solutions add an additional layer of security with a small cost. They are not subject to the weaknesses of a trojan or man in the middle attack. A determined cybercriminal would have to obtain these devices from you to gain access to that OTP generated by the device. This is in stark contrast with the known security issues with todays mobile smart phone platforms. Noting the low cost and minimal complexity of this solution it should be a no brainer for the average user or systems administrator. Below are a few of the many options to investigate deploying:

PayPal Security Key

https://www.paypal.com/securitykey

Gemalto MFA for Amazon AWS

http://onlinenoram.gemalto.com/

Yubico

http://www.yubico.com/

Given the known weakness of today’s password technologies any technologies to enhance it until we have an alternative are welcome. 2FA options in virtual MFA and hardware MFA are inexpensive, easy to implement and a powerful step in the right direction. I hope that you will explore and deploy these easy solutions to a more secure world.

4 thoughts on “Two Factor Authentication Virtual & Hardware MFA – Part II”

  1. I love the great links you’ve included, making it very easy to find the 2FA options you’re discussing without having to Google around for a few frustrating moments. As an Android user many of the software options listed would definitely help to increase security and make my private information safer, so thanks a bunch for this great resource on two factor authentication!

  2. It is good to see that more websites are implementing multi-step authentication software. However, most people are still opting for single-authentication methods of signing into accounts and the like, which is simply asking for trouble in this day and age. Right now I am applying for two-step authentication where I can, and so far, I’m happy with the extra security measures on my accounts.

  3. I am especially pleased that PayPal (being an online finances site) has two factor authentication, as I am very cautious about the fact that my details are present with their service. The extra layer of security allows for me to feel far more at ease when using their service, and hopefully more sites will begin to implement this as they begin to see the benefits.

  4. This two factor authentication system that is being introduced is a great response to the ever developing threat to privacy and security we are facing on the Internet. However, more sites desperately need to adopt the right security measures, such as proper encryption of website data, and ensuring that users present a knowledge factor and at least one other factor to the table to prove their identity.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top