With most passwords today considered inadequate and many high-profile cybersecurity attacks starting with compromised credentials, if you’re counting on passwords for security, you may have a problem.
Many organisations are turning to advanced authentication to help manage access and improve trust among customers and business partners. So when we saw how easy Duo Security’s two-factor authentication solution is to use (our CTO deployed it in minutes via his smartphone and was thrilled with the results), we knew this could help our customers to prevent stolen passwords and stop network breaches.
Two-factor authentication provides a second layer of security to any type of login, requiring extra information or a physical device to log in, in addition to your password. The factors usually include:
- Something you know, e.g. a unique username and password
- Something you have e.g. a smartphone with an app to approve authentication requests
- Something you are, e.g. biometrics – like your fingerprint or a retina scan
By choosing two different channels of authentication, user logins can be protected from remote attacks that may exploit stolen credentials.
Duo Security works on the basis that your first factor is your password, while your second factor is sent via a push notification generated by an authentication mobile app on your smartphone (BYOD or company-owned) that the user can easily approve with one tap. Everyone carries their mobile phone around with them nowadays (think about the horror you felt when you last realised you’d left yours at home) and a smartphone is much less likely to be misplaced than any other physical token or smartcard, reducing the number of calls to your internal IT helpdesk.
Duo Security also supports more traditional forms of two-factor authentication, like hardware-based tokens and SMS passcodes, supports a number of widely adopted enterprise cloud apps like Salesforce.com, Microsoft Office 365, Google Apps, and Box and can also be used to log into enterprise VPNs or built into your own internal development or collaboration tools.
Without access to a user’s smartphone, remote attackers can’t pretend to be them in order to gain unauthorised access to your corporate network, cloud storage, financial information, etc.
Download the Duo Security Whitepaper: Modern Two-Factor Authentication