Sunday, October 5, 2014

2FA for Feds

Two-factor authentication is gaining traction among online service providers as a way to prevent their customers' accounts from being hijacked.

2FA is relatively simple. In addition to a username and password, a single-use code is sent -- typically to a user's cellphone -- to verify the customer's identity.
Some government departments and branches of the military have been using 2FA for years. However, it usually involves a dedicated token -- just another gadget that has to be lugged around and can be lost, stolen or forgotten.
The complexity and expense of token-based systems has acted as a brake on the more widespread adoption of 2FA in the federal government.
In an effort to change that, Globalscape last week announced an alliance withSMS Passcode.

With governments at all levels looking for economical and effective security solutions, a 2FA system that uses something employees already have -- their mobile phones -- could be an attractive proposition.

While agencies still would need to pay licensing fees to Globalscape and SMS Passcode, much of the overhead of token-based systems could be eliminated.
"It dramatically increases security with only those licensing fees," Greg Hoffer, senior director of engineering for Globalscape, told TechNewsWorld. "That's a lot cheaper than solutions that are hardware based or Web-application firewall-based."

Another benefit of the SMS solution is that it's location aware, he noted.
"If a log-in attempt originates in China and we know your mobile phone is in the U.S. or Canada, the system will block the log-in attempt," Hoffer explained. "So it increases security through geo-awareness."

No comments:

Post a Comment