Two-Factor Authentication

Protecting your organization’s most critical IT assets may have you wondering about how to improve the user authentication process. Requiring a User ID and Password may be “good enough” for access to resources of moderate criticality, but this form of authentication is susceptible to a major risk: stolen credentials.

Adversaries have found many creative ways to steal User IDs and Passwords, including key-loggers, phishing attacks, network sniffers, and even simply glancing over the user’s shoulder. While the use of SSL, modern web browsers, and other countermeasures may mitigate this risk, your organization’s most sensitive users (e.g. super-users, managers, administrators) and critical applications may require a stronger (i.e. two-factor) authentication solution.

Lighthouse Gateway’s Web Access Management (WAM) capabilities include support for two-factor authentication. This enables you to provide a strong authentication solution to your users, protecting critical web applications at a level beyond the typical User ID and Password. Best of all, the solution requires no alteration to your existing web applications, and you can incorporate the authentication type a user is utilizing into your access control policies. For example, you may allow members with the "Finance Administrators" role designation to access your ERP application with a simple user ID and password when they’re logged into the corporate network during business hours. However, if they’re logged in from outside the office or during non-business hours, you may require a two-factor hardware token.
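The Finance Administrators policy described above can be sketched as a small decision function. This is an added example, not Lighthouse Gateway configuration or code: the function names, network ranges, business hours and the UTC office clock are all assumptions made for illustration.

```python
from datetime import datetime, time, timezone
from ipaddress import ip_address, ip_network

# Constructed values: replace with your own ranges, hours and time zone.
CORPORATE_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.10.0/24")]
OFFICE_TZ = timezone.utc                      # assumption: office clock is UTC
BUSINESS_START, BUSINESS_END = time(8, 0), time(18, 0)
AUTH_STRENGTH = {"password": 1, "two_factor": 2}


def required_auth(roles, client_ip, when):
    """Minimum authentication type for the ERP application, or None if not entitled."""
    if "Finance Administrators" not in roles:
        return None
    try:
        addr = ip_address(client_ip)
    except ValueError:
        return "two_factor"                   # unparseable source address: fail closed
    if when.tzinfo is None:
        return "two_factor"                   # ambiguous timestamp: fail closed
    on_corp_net = any(addr in net for net in CORPORATE_NETS)
    local = when.astimezone(OFFICE_TZ)
    weekday = local.weekday() < 5             # Monday=0 .. Friday=4
    in_hours = BUSINESS_START <= local.time() < BUSINESS_END
    if on_corp_net and weekday and in_hours:
        return "password"
    return "two_factor"


def decide(roles, client_ip, when, session_auth):
    """Return 'allow', 'step_up' (prompt for the token) or 'deny'."""
    needed = required_auth(roles, client_ip, when)
    if needed is None:
        return "deny"
    # Unknown session authentication types rank as 0 and never satisfy a policy.
    if AUTH_STRENGTH.get(session_auth, 0) >= AUTH_STRENGTH[needed]:
        return "allow"
    return "step_up"


if __name__ == "__main__":
    wednesday_morning = datetime(2024, 3, 6, 10, 0, tzinfo=timezone.utc)
    admin = ["Finance Administrators"]
    print(decide(admin, "10.1.2.3", wednesday_morning, "password"))
    print(decide(admin, "203.0.113.7", wednesday_morning, "password"))
```

The policy fails closed: a request whose source address or timestamp cannot be interpreted is held to the two-factor requirement rather than the weaker one.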

What is two-factor?

If you’re unfamiliar with two-factor authentication, the concept is quite simple. “Factors” are considered unique elements that enable you to authenticate, or prove your identity, to a system. In the case of User ID and Password authentication, both the User ID and Password constitute a single factor – they’re both “something you know,” very much like a secret.

Two-factor solutions incorporate “something you know” and “something you have” (e.g. a hardware token). By requiring both factors to authenticate, a stolen password alone is no longer enough for an adversary to log in. In a two-factor system, an adversary would have to steal both the password and the physical token, making the challenge much more difficult.

Lighthouse Gateway is compatible with the world’s leading two-factor authentication mechanisms, including RSA SecurID and Vasco tokens, enabling your organization to leverage an existing investment in these technologies and extend them to your Gateway Web Access Management (WAM) solution.