YOUR BUSINESS IS UNDER ATTACK:
Why it’s in danger and how to keep it safe with two-factor authentication (2FA)
LoginTC 2FA Solution Guide | 2015
COPYRIGHT © 2015 LOGINTC | LOGINTC 2FA SOLUTION GUIDE
CONTENTS
INTRODUCTION
THE PROBLEM
THE SOLUTION
CHOOSING A 2FA PROVIDER
INTRODUCING LOGINTC
BEST PRACTICES FOR IMPLEMENTATION AND DEPLOYMENT
NEXT STEPS
CONCLUSION
INTRODUCTION
Watch out – your business or organization is under attack! No, perhaps not this instant. But, with
hackers lurking at every virtual corner, and with millions of hack attempts taking place each day, the
threat of cyber-warfare is ever-real and always present.
Not convinced? Take this challenge: Try to go a single day without encountering word of a cyberattack
in the news. Unfortunately – from Twitter to Sony and the New York Times – in the modern digital age,
that’s simply not possible.
Security breaches aren’t reserved for high-profile corporations, either. Cyber criminals don’t
discriminate based on size or status – they capitalize on vulnerabilities. And password-only
identification for access to corporate resources (such as a VPN, portal or web app) is a major
vulnerability.
Luckily, there’s a solution to the flimsy passwords of the past. The future of access and identity
management is a cybersecurity system called two-factor authentication (2FA). In this whitepaper, we’ll
explain what 2FA is, outline the different types of 2FA providers, and show you how to leverage 2FA to
protect your business or organization.
Just remember the bottom line: You’ve worked hard, and that’s not worth risking. The Web, like
the real world, is full of opportunity; but it’s also full of dangers that must be taken into account.
Implementing 2FA can be simple, scalable, cost-effective, and highly secure… if you do it properly.
Keep reading and this White Paper will give you the insight you need to do just that.
THE PROBLEM
Your business or organization relies on certain essential tools to function day-to-day. For instance,
maybe employees access important documents or email through a corporate portal, or work remotely
and connect to an office VPN (virtual private network). Maybe there’s an e-commerce component to
your company that runs on a content management system, such as WordPress. These resources are
necessary but they are not secure. Without proper protection, they act as points of entry, or holes in
your defensive armour. Cyber attackers are constantly scavenging the web in search of such holes –
seeking login information they can use for their own malicious purposes, maiming your company in the
process. This can result in bad PR, lost revenue, angry customers and debilitated systems.
Here are some examples of the ways hackers take advantage of access-related vulnerabilities in order to
break into your corporate resources and steal your digital assets.
Passwords: The “death of the password” is a hot topic right now – and rightfully so, as the public
realizes conventional username/password login systems are flawed. With so many accounts to manage,
some days it seems as though there’s less memory space in our brains than on our servers.
So, people opt for easy-to-remember passwords (believe it or not, studies show that the most
popular passwords tend to be “Password” and “123456”). However, easy passwords are easy to crack.
Users who gravitate toward more complex passwords may be tempted to use the same passwords across
multiple accounts, turning a single breach into a massive catastrophe. Besides, what good does a
strong password do once it’s stolen? Through these means, hackers gain the credentials they need to
compromise numerous accounts at a time.
Developments in black-hat “magic”: Black-hat (or bad guy) computer experts are growing smarter,
finding new and increasingly sophisticated methods with which to carry out online crime. Cracking
passwords is not just about brute-force (computer-generated trial and error). There are also:
• Phishing Attacks – Hackers use email, SMS and fake websites to masquerade as trustworthy
entities.
• Malware / Trojan Horse Attacks – Harmful viruses often disguised as benign files that get
downloaded onto your PC for purposes like key logging.
• Man-in-the-Middle Attacks – Session hijacking in which an unwanted impersonator
intercepts an active online session.
• And more.
BYOD / Remote Access: A rising number of businesses are adopting the BYOD (bring your own device)
model, turning smartphones and tablets into both a consumer and corporate standard. At the same
time, remote work is becoming more commonplace.
However, this means IT administrators managing access to digital workforce assets are overseeing
more foreign users and devices than ever before. This leaves a lot of room for vulnerability due to the
introduction of unsecure environments.
THE SOLUTION
What is two-factor authentication? As its name suggests, two-factor authentication (2FA) requires that
two independent factors be present in order for a login or “authentication” to take place.
The user must possess two kinds of credentials:
1. Something they know (a traditional PIN or password known only to the user)
AND
2. Something they have (an item only the user possesses, such as a token or mobile
phone)
Conclusion: When 2FA is enabled, even if passwords are cracked via an exploited vulnerability, it
would still not be possible for hackers to access unauthorized accounts because they would not be in
possession of the second factor credential, whatever the item may be. 2FA provides an added layer of
protection and security.
CHOOSING A 2FA PROVIDER
Not all two-factor authentication solutions are created equally. Here are some common methods of
deployment:
Hardware Tokens: Typically carried on a key ring as a key fob, hard tokens generally display a random
number that changes periodically at fixed intervals, known as a one-time password (OTP). The user
enters this number for access, proving to the server that s/he has the token and thereby verifying
his/her identity. Hard tokens can also take the form of smart cards or a USB dongle.
Software Tokens / App-Based OTPs: OTPs (one-time passwords) do not always involve a hard token.
There are software versions, too, wherein the dynamic authentication code is stored and displayed on a
computer or in an app on a smartphone or tablet.
SMS-Based One-Time Passwords: Mostly known as 2-step verification (as opposed to 2-factor
authentication), some 2-stage access systems operate by sending a code to a user’s phone via SMS.
If you are considering safeguarding your business or organization by implementing two-factor
authentication, it would be wise to start by asking yourself the following 10 questions before selecting a
2FA provider:
1. Does the solution provide a high quality of security and protection?
2. Does the solution help us achieve compliance where necessary?
3. Does the solution require that we purchase and adopt any additional hardware?
4. Would the solution integrate well with our current infrastructure and practices?
5. Does the solution offer choice – both for the end-user in terms of what device they will use
for 2FA, diminishing the adjustment period, and for the admin in terms of how s/he will
manage it?
6. If the solution is SMS-based, how is the problem of poor network coverage resolved?
7. Is the solution simple or complex (time consuming) to set up?
8. Is the solution simple or complex (time consuming) to manage once implemented?
9. What are the costs associated with this solution and how do they compare to other
solutions?
10. Is there help and support available regarding this solution if needed?
Push Notification Alternatives: Emerging mobile 2FA alternatives use 3G/4G or wireless push
notification networks, rather than SMS or OTPs, to send access requests to a user’s mobile device
(smartphone or tablet), which the user can then approve or deny.
INTRODUCING LOGINTC
What happens when you take the best elements of two-factor technology, leave out the flawed aspects,
and add enhanced security measures? You get LoginTC, which falls into the “Push Notification
Alternatives” camp. This means LoginTC provides high-security two-factor protection without
requiring any additional infrastructure. It also does away with cumbersome text messages and OTPs,
heightening security and improving user experience. Instead, LoginTC leverages something you already
have (especially in a BYOD – bring your own device – environment): a mobile phone, tablet or Google
Chrome. This makes deployment simpler for everyone involved and much less expensive.
#1 in 2-Factor Authentication
Protect what matters with LoginTC
How it works:
End-users, who have been registered and provisioned by your administrator, download the LoginTC app
on the mobile device or desktop of their choice. To log in to a LoginTC protected asset (e.g. VPN), users
enter their usual information (username/password) in the usual login form. A wireless notification
is then pushed to the user’s device so the user can easily and instantly approve or deny the access
request, identifying him/herself while mitigating fraud in three simple steps: receive, decide, unlock.
The LoginTC app also acts as an identity credential manager that can be used for multiple LoginTC
credentials.
RECEIVE. DECIDE. UNLOCK.
BEST PRACTICES FOR IMPLEMENTATION AND DEPLOYMENT
We wish we could say transitioning to a new security system is as straightforward as re-booting a
PC, but we can’t. It involves planning and maintenance. However, there are things that can make
the process as quick and painless as possible. That’s especially true with LoginTC:
LoginTC Advantages:
• Enterprise grade
• Cloud-based (no additional hardware)
• Leverages your pre-existing infrastructure, virtualization and mobile investments
• Highly scalable (yes – even for millions of users)
• Leverages 3G/4G or Wi-Fi push networks to send push notifications (rather than SMS or
OTP)
• More secure and reliable than SMS networks
• More convenient (single-screen elegance, no race against the clock)
• Works worldwide without possibility of incurring charges
• No SMS codes or OTPs which can be copied to other devices
• Mobile devices much less likely to be lost than hard tokens
• Cuts cost of replacing tokens
• No need to keep extra stock in inventory
• Reduces administrative headaches
• No expiry
• Secure Remote Password (SRP) protocol
• Pads SSL/TLS for further protection
• 1:1 correlation between LoginTC and the mobile device to mitigate phone cloning
• No Personally Identifiable Information (PII) required
• Can integrate with your current fraud detection system
• Provides dynamic contextual information for real-time threat alerts
• PCI DSS, HIPAA and FFIEC compliant
• Customers range from SMB to enterprise (including LTG Federal, Infostrada and Harlequin)
as well as important government organizations
Choice: With LoginTC, everyone has a choice. End-users decide whether to utilize their smartphone
(iOS, Android or BlackBerry) or their desktop via Google Chrome. Administrators decide whether to
provision a PIN or passcode, what pictogram and contextual information will be displayed alongside
access requests, and what method of user enrollment works best for them.
Easy Installation/Configuration: There is detailed documentation on the LoginTC website, which
provides step-by-step instructions on how to best install and configure LoginTC 2FA, including specific
instructions customized for popular platforms such as Cisco ASA, OpenVPN, WatchGuard, SiteMinder,
OpenAM, Unix SSH, Drupal, WordPress, Joomla, and more.
Web-based Graphical User Interface (GUI): LoginTC recently made the installation/configuration
process even simpler for administrators by eliminating the need for flat configuration files and text-
based commands, replacing them instead with a dynamic web interface for browsers. This reduces the
time commitment required by admins for set-up by 80%.
Painless Integration & Management: User management is made easy through the cloud-based LoginTC
Admin Panel. There are several options for enrollment so that LoginTC best integrates with your
existing practices, including: self-registration, bulk uploads, syncing with LDAP/AD active directories,
or using REST API. LoginTC supports federation systems.
Cost-Effective: No hefty annual software license renewal fees, per-token fees or overhead costs.
LoginTC keeps it under $1.50 a month (per user), is free under 10 users, and offers substantial volume
discounts.
Customer Service: If all else fails, the LoginTC team is available by phone and by email to provide
support. Email [email protected] and expect a speedy reply!
NEXT STEPS
Get started today. Try a free demo by visiting https://www.logintc.com/demo/ or begin a free trial right
away: https://cloud.logintc.com/panel/register.
CONCLUSION
Password-only protection is no longer enough! Choose a two-factor authentication solution that’s
simple-to-use, scalable, cost-effective and highly secure.
Whatever your infrastructure – whether your digital assets / corporate resources are accessed via virtual
private network (VPN), web access management system (WAM), identity and access management
system (IAM), or content management system (CMS) – we believe LoginTC is the answer. LoginTC
is readily available to begin working with you to provide top-of-the-line cloud-based two-factor
authentication for mobile or desktop that meets all of your needs.
LoginTC is developed by Cyphercor Inc., which develops and delivers mobile and browser security solutions that
enable two-factor authentication credentials. Cyphercor’s strong authentication approach offers unprecedented
capabilities to smartphone, tablet, and browser users and security conscious organizations.
Cyphercor helps users and organizations meet or exceed their security and business goals by providing mobile and
browser solutions that:
• protect digital identities with encryption and safe transactions
• deliver free and easy to use apps to access cloud and business applications
• deploy and enable in minutes
For more information, visit www.logintc.com or email [email protected]
Copyright © 2015 Cyphercor Inc. All rights reserved. LoginTC and its families of related marks, images, and symbols
are the exclusive properties of Cyphercor Inc.