29 July 2014

We all know that usernames and passwords are a good idea if you can persuade yourself or your users to use complex passwords and to use a different one for each site. The grim truth is that people do not use sensible passwords, or the passwords they do use are easily cracked. Also, the complex password, once created and memorised, is used in more than one place. The worst nightmare, however, is the database holding the passwords being hacked, followed by a scramble to reset all the passwords and the damage to reputation that brings. It is in these scenarios that two-factor authentication (shortened to 2FA) is frequently introduced. It helps mitigate the weaknesses of single-factor authentication and gives organisations more time to react to break-ins.

Traditionally, this has been done through expensive tokens that have to be handed out. Each user needs one for each secure resource they access and, apart from being a pain to carry, they are frequently lost, which can be expensive. The problem is then getting a new token to the end user in a timely fashion. This falls on the IT department to order the new token, liaise with the end user to hand it over and ensure it works.

However, with the advent of Google Authenticator (GA) there is a cheap and effective alternative. By downloading the relevant app onto a smartphone, GA turns the mobile phone into the second factor (something your end user has). If they lose the phone, you can be confident that the end user will usually move very fast to have it replaced, as their lives, as well as their authentication, go through it. This greatly reduces the workload on the IT department, eases the problem for the end user (they don’t have another item to lose) and speeds up replacement, as phones can usually be replaced swiftly.

The only part of the jigsaw missing is something to work with. Redscan have recently updated their Service Delivery Platform (SDP) so that it can integrate with GA.
So for remote users using OpenVPN, L2TP or PPP, a VPN connection can be protected with 2FA at no extra cost. Our support team will set up the SDP; all the user needs to do is download the app, point the phone’s camera at the QR code on the SDP user interface and they are ready to go. The process for the end user is simple enough:

  1. Bring up the remote client, say Microsoft’s L2TP client present on XP, Windows 7 and Windows 8.
  2. Enter the usual username and password.
  3. Open the app to get the one-time password from GA, add it to the end of the password, and the customer is authenticated.

2FA doesn’t get much easier than this. If you want to learn more, please contact us at info@redscan.com or call us on 0203 253 3020; we will do what we can to help.
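To show what the server has to do with the "password + one-time code" string that step 3 produces, here is an added example (not Redscan's SDP code, nor Google's): it peels the six-digit code off the end of the submitted password field, verifies it as an RFC 6238 TOTP the way Google Authenticator generates it, and checks both factors before answering. The password and the 20-byte secret are constructed demo values (the secret is the RFC 4226/6238 test-vector key), and the server-side password comparison is against plaintext purely for the demo.

```python
import hashlib
import hmac
import struct

# Constructed demo values, not real credentials: the VPN user's password and
# the 20-byte shared secret the app stores when the QR code is scanned
# (the secret here is the RFC 4226/6238 test-vector key).
DEMO_PASSWORD = "correct horse battery staple"
DEMO_SECRET = b"12345678901234567890"
OTP_DIGITS = 6
TIME_STEP = 30  # seconds per TOTP step, as used by Google Authenticator


def hotp(secret: bytes, counter: int, digits: int = OTP_DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: int, step: int = TIME_STEP) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    return hotp(secret, now // step)


def split_credential(combined: str, digits: int = OTP_DIGITS):
    """Peel the OTP off the end of the submitted password field; None if malformed."""
    if len(combined) <= digits or not combined[-digits:].isdigit():
        return None
    return combined[:-digits], combined[-digits:]


def verify(combined: str, expected_password: str, secret: bytes, now: int,
           drift_steps: int = 1) -> bool:
    """Check both factors and only then decide, so a failure reveals neither which one failed."""
    parts = split_credential(combined)
    if parts is None:
        return False
    password, otp = parts
    # A real server compares against a salted password hash; the plaintext here is for the demo.
    password_ok = hmac.compare_digest(password.encode(), expected_password.encode())
    # Accept the current step plus/minus drift_steps to tolerate phone clock skew.
    # Production code must also remember the last accepted step to reject a replayed code.
    counter = now // TIME_STEP
    otp_ok = any(hmac.compare_digest(hotp(secret, counter + d), otp)
                 for d in range(-drift_steps, drift_steps + 1) if counter + d >= 0)
    return password_ok and otp_ok
```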
