
Are most people doing two-factor authentication right?

Needless to say, we're big proponents of two-factor authentication around here. We also have a pretty broad spectrum of customers, from large service providers pushing two-factor authentication out to customers to small businesses doing security for the first time thanks to PCI requirements. A lot of infosec rock stars talk about how PCI should be a floor, and without disagreeing, we see first-hand companies reaching that floor, called by some the 'information security poverty line', and know that it is a big improvement.

One of the key ways we know whether a company is really trying is how they configure two-factor authentication in their network. PCI regulations can be met by having your VPN talk directly to the two-factor authentication server. This configuration is quite easy if you use RADIUS.

It takes more effort up front to have the VPN concentrator talk to your directory and have the directory perform authorization and then proxy the authentication request to the WiKID Strong Authentication server. However, the security benefits of this setup are clear. It is much easier to deprovision users and to have role changes reflected immediately.  Long term, it's also less work and more flexible.
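
As an added illustration (not from the original post or from WiKID's tutorials), this is roughly how the directory-first flow looks in FreeRADIUS 3.x backed by OpenLDAP: the VPN concentrator sends its RADIUS requests here, group membership is checked first, and only authorized users are proxied on for one-time passcode validation. The address 192.0.2.10, the shared secret, the realm name wikid and the group vpn-users are placeholders, and the ldap module is assumed to be configured already with group lookups enabled.

```conf
# --- proxy.conf: where authorized requests are forwarded ---
# Placeholder address and secret for the two-factor authentication server.
home_server wikid {
    type   = auth
    ipaddr = 192.0.2.10
    port   = 1812
    secret = REPLACE_WITH_SHARED_SECRET
}

home_server_pool wikid_pool {
    type        = fail-over
    home_server = wikid
}

realm wikid {
    auth_pool = wikid_pool
    nostrip                     # forward the User-Name unchanged
}

# --- sites-enabled/default: authorize in the directory, then proxy ---
authorize {
    # Look the user up in the directory. If the directory is unreachable
    # the module fails and the request is rejected (fail closed).
    ldap

    # Authorization lives in the directory: removing a user from this
    # group (placeholder name) cuts off VPN access on the next login,
    # even if the user still holds a working token.
    if (!(LDAP-Group == "vpn-users")) {
        reject
    }

    # Only authorized users reach the two-factor server, which validates
    # the one-time passcode.
    update control {
        Proxy-To-Realm := "wikid"
    }
}
```

In the direct configuration the VPN concentrator's RADIUS server setting points straight at the two-factor server, so nothing equivalent to the group check runs and deprovisioning has to be done on that server as a separate step.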

While recently reviewing our web analytics, I was interested to see that our top instructional content piece over the last 90 days is "How to add two-factor authentication to NPS". The next most popular is our tutorial on "PAM radius for Ubuntu", followed by "How to add two-factor authentication to OpenLDAP & Freeradius". Less popular, but still higher than most of our VPN tutorials, is "How to Configure IAS to Support Two-factor authentication".

So two of our top three tutorials of late are about setting up two-factor authentication correctly. Of course, you can argue that almost everyone who has a directory is using AD or OpenLDAP, whereas we have a tutorial for all the major VPN providers (Cisco, Juniper, SonicWall, etc.), but I choose to see it as heading in the right direction. (Of course, if I weren't an uber-optimist I would have a real job instead of being

In addition, these numbers do not include the downloads for our eGuide on Adding Two-factor Authentication to your Network, which of course stresses the inclusion of your directory, with NPS as an example.
