6 Things that may surprise you about some multi-factor authentication solutions

Here are 6 things you may want to investigate when comparing multi-factor authentication solutions.  Swivel Secure rarely boasts about how robust and flexible AuthControl Sentry^® is, but sometimes we even surprise ourselves.  Take a look at the information below and see if it surprises you…

1. True multi-factor authentication or 2FA?

True multi-factor authentication consists of something that you have (hardware token or mobile app), something that you know (PIN), and something that you are (fingerprint).  However, some solutions market their offering as multi-factor authentication, despite only consisting of two of the three factors i.e. 2FA

2. Don’t wait for a man-in-the-middle attack

When a user authenticates access to an application, the window of opportunity to use the authentication code can last up to 45 seconds, or even twice that time with some (well known) hardware tokens. At this time, unauthorised access can occur including attacks such as ‘Man-in-the-middle’.  Once successfully authenticated, the infiltrator potentially has access to the network and the ability to cause a catastrophic amount of damage.

3. Ensure a one-time code is a one-time code!

Typically, a one-time code (OTC) means it’s a code used on a device to authenticate access to a computer or application.  The OTC can be delivered on a separate device such as a mobile phone or traditionally a hardware token.  As the name suggests, an OTC is designed to be utilised only once for security purposes. Yet, some authentication suppliers provide the same code simultaneously, on different devices to authenticate access.

4. How and where is your data stored?

Part of today’s organisational security requirements often needs authentication to support architecture that is on-premise, in the cloud or in a combination (hybrid-cloud). Surprisingly, some solutions only support a cloud architecture and organisations are now starting to realise the negative security implications of storing data in a shared public cloud environment, choosing to move to an ‘on-premise / private hybrid hosting environment’, despite the perceived higher running costs because the security benefits simply outweigh the cost factor.

An additional consideration for data storage is the impact on GDPR regulations.  For example, you might subscribe to a “local” hosting service, only to find your access point is in another country and your data has been moved to another data centre (DC) in another country.  Ensure you know where your data is being held geographically as well as structurally.

5. Public cloud-based multi-tenancy and multi-tiered architecture can restrict your options to secure your data

Sometimes, it just makes sense to host selected applications and databases in the cloud. However, most cloud instances reside in multi-tenanted and multi-tiered data centres. This often exposes your data to a range of variables that can affect the integrity, security and operational stability. Most importantly, depending on where it is implemented and how your cloud authentication software was designed, it can often restrict your options for protecting it because it compromises the integrity of the system i.e. a shared service, with minimal customisation, reduced integration and shared access and management control.

6. What do you need to integrate with today and tomorrow?

Adding flexibility to an organisation so they are supported as they grow and evolve, should be high on the checklist when looking for a multi-factor authentication solution. However, there are quite a few solutions that are restricted in their integration capability.  They can only integrate with a limited number of software and hardware devices, usually because of their associations with other providers or their ownership.

Get in touch for more information on authenticating access to your applications using true multi-factor authentication that provides integrations with hundreds of applications whether stored on-premise or cloud-based.