Two-Factor Authentication for InfoTECH Clients

One of the biggest challenges for any I.T. service provider is protecting the information that clients entrust us with. Administrative access to client systems is a double-edged sword: It grants us the ability to resolve issues in the most efficient manner, but it also requires a client to share sensitive password information. As our company grows, managing these accounts and ensuring our client networks are secure has a been a major priority. We are very pleased to be announcing another free service to our clients that will greatly increase network security and provide the peace of mind that few other providers can offer: Two-Factor Authentication.

What is Two-Factor Authentication (2FA)?

2FA is a method of authentication that requires two separate mechanisms for verifying a users identity. Similar to how a bank requires you to have a debit card and know a PIN code, 2FA combines something you possess with something that only you know. In the case of InfoTECH’s 2FA system, our technicians create a unique PIN code and are assigned a hardware token that is carried with them at all times. Using a small application installed on your computer system, any protected account will require our administrators to log in with their normal user name and password as well as their PIN code and a one-time password (OTP) generated from their token.

Why Does My Network Need 2FA?

A common problem with traditional passwords is that they can be easily shared, guessed, cracked, or stolen. It may be unintentional … perhaps you wrote down the password on a sticky note and the cleaning crew picked it up, or you gave it to an assistant and forgot to go back and change it. So how will you know when your password is compromised? Chances are, you won’t. That’s why 2FA is so important: The one-time-passwords generated by user tokens are only good for a single logon and cannot be reused.

How Will 2FA Affect My Users?

In most cases, regular users with their own computer do not need to directly access your server and are unaffected by the upgrade to 2FA. Most clients will never notice the upgraded security, but will be able to benefit from all the features regardless. If your server allows users to remotely connect to the server, we have two options available: A) Sign a security waiver to allow them to access the server in a traditional, non-secure method or B) Take advantage of the InfoTECH’s free 2FA Infrastructure and purchase tokens that can generate the necessary passcodes to log in securely.

How Secure is 2FA?

Software tokens that our technicians carry are programmed with a unique 192bit AES encrypted key that produces 8 digit one-time-passwords (OTPs). The keyspace has over 2.8 trillion different possibilities and the “valid” key changes with each use. This is combined with a unique 4 to 8 digit PIN known only to the user. Combining the two produces an ultra-secure 12-16 digit passcode that can only be generated by someone that knows the PIN and has physical access to the token. Tokens only display an OTP for 30 seconds before it cycles. Authentication is accomplished via a 128-Bit SSL secured tunnel to our servers to verify the identity and permission of the user. All of this information is added to a standard user name and password combination to grant access to your sensitive resources.
2FA technology has been used to secure systems from Google, Apple, Microsoft, and word-class datacenters around the world.

Comments