Two Factor Authentication Virtual & Hardware MFA – Part II

Lock and Key

In this second installment (see Two Factor Authentication & Password Managers – Part I ) on two factor or two step authentication I’ll explore in more depth both virtual and physical two factor authentication options you can start using today. In my Boston based IT consultancy practice I many questions from customers on the information security issues of the day. A most common issue I hear is about password security and even more frequently – two factor authentication. To explore this further, let’s first define what 2 Factor Authentication is:

Wikipedia defines two-factor authentication as:
Multi-factor authentication (also MFA, two-factor authentication, two-step verification, TFA, T-FA or 2FA) is an approach to authentication which requires the presentation of two or more of the three authentication factors: a knowledge factor (“something only the user knows”), a possession factor (“something only the user has”), and an inherence factor (“something only the user is”).

As an end user or even IT administrator you currently have a LOT of free and inexpensive options to deploy 2FA today. These exist both in software or virtual MFA and inexpensive physical hardware tokens. First lets explore the software options:

Virtual MFA Applications

Virtual MFA applications allow you to install a free or paid application on your smartphone, desktop or tablet that allows you to supply a second factor for authenticating you to any service. Examples are:

Google Authenticator

Google Authenticator is a virtual MFA that lets you set up Google 2-step authentication. The Authenticator provides a one time six digit password for you to use during login in any of the many supported services.
https://support.google.com/accounts/answer/1066447?hl=en

Supported Devices:
Android, Blackberry, iOS, dozens of other 3rd party implementations

Google authenticator works with a variety of services such as: Google, Amazon Amazon Web Services, Salesforce, WordPress and dozens more. Additionally there are many

AWS Virtual MFA

Amazon’s AWS Virtual MFA for Amazon’s cloud services. At this time it is available on Android platform only. Amazon AWS also support virtual MFA from Google Authenticator, Windows Authenticator on a variety of other platforms..
http://www.amazon.com/gp/product/B0061MU68M

Supported Devices:
Android only.

Microsoft Authenticator

Microsoft’s virtual MFA for Windows Phone come in the form of Microsoft Authenticator. It works with Windows Azure to offer multi-factor authentication and several other Microsoft services.
http://www.windowsphone.com/en-us/store/app/authenticator/e7994dbc-2336-4950-91ba-ca22d653759b

Supported Devices:
Windows Phone 7.5-8.x

Symantec Virtual MFA

Symantec’s virtual MFA application works much like the others but offers an even dizzier array of supported options.
https://vipmobile.verisign.com/

Supported Devices:
Android, Apple iPhone, iPad, Windows Mobile, Blackberry, Windows 7-8*, Mac OS* *Via VIP Access Desktop

Hardware MFA

Hardware based MFA solutions add an additional layer of security with a small cost. They are not subject to the weaknesses of a trojan or man in the middle attack. A determined cybercriminal would have to obtain these devices from you to gain access to that OTP generated by the device. This is in stark contrast with the known security issues with todays mobile smart phone platforms. Noting the low cost and minimal complexity of this solution it should be a no brainer for the average user or systems administrator. Below are a few of the many options to investigate deploying:

PayPal Security Key

https://www.paypal.com/securitykey

Gemalto MFA for Amazon AWS

http://onlinenoram.gemalto.com/

Symantec Security Card/Token

https://idprotect.vip.symantec.com/

Yubico

http://www.yubico.com/

Given the known weakness of today’s password technologies any technologies to enhance it until we have an alternative are welcome. 2FA options in virtual MFA and hardware MFA are inexpensive, easy to implement and a powerful step in the right direction. I hope that you will explore and deploy these easy solutions to a more secure world.

Joseph P. Guarino has a long history of producing business results with the application of information technology. Joseph's expertise span over 15 years in the private sector at leading technology firms and consulting organization. With Evolutionary IT, he saw a market need to bring his transformative knowledge and expertise to firms in the New England area and worldwide. Joseph is driven by a strong desire to see customer's thrive with the best business solutions. Evolutionary IT evolved out of this desire to bring a new level of quality IT solutions, align them with business goals and give customer's a competitive edge.
Posted in Information SecurityTagged ,  |  4 Comments

4 Responses to "Two Factor Authentication Virtual & Hardware MFA – Part II"

Leave a reply