Multifactor authentication secures employee credentials
Multifactor authentication – aka MFA – means the bad guys are S.O.L. even if they get your name and password. By requiring multifactor authentication for users on your network, you ensure that connection attempts provide two or more pieces of evidence before allowing a user access to any resources or applications.
Attackers are turning their attention to the vulnerabilities of remote access because working from home has become a requirement of doing business in 2020. With so many workers connecting remotely, hackers are focusing on phishing, social engineering, link spoofing, and business email compromise as ways to steal user credentials, access company resources, and exfiltrate sensitive data.
By adding multiple layers of authentication beyond the simple password (and let’s be honest, how many of your employees are really using long, complicated passwords?), you can safeguard against these vulnerabilities of human error. And with so many employees working from their home office out of the IT department’s direct line of sight, you’re going to want a few extra safeguards until we’re all back on premise.
FortiToken Mobile: One-Time Password Generator
Fortinet’s FortiToken Mobile is a one-time password generator application compatible with both Android and iOS devices. It supports both time-based and event-based password tokens, adding versatility to how users can be authenticated. The app instantly generates a single-use token right on the mobile device that users are carrying around in their pocket all day long. Even if attackers are able to steal your username and password, they’ll have to pay a visit in-person to steal your mobile phone too.
FortiToken Mobile is a great solution for small businesses that are looking to get started with multifactor authentication at a low price-point. SMBs can get started with licenses for as few as just five employees. Adding additional licensing is quick and easy, making the solution scalable with your needs. Plus, because FortiToken Mobile is sold as perpetual licenses, you only have to pay once. No annual renewals or subscriptions needed.
WatchGuard AuthPoint: Versatile cloud-based authentication
WatchGuard AuthPoint Mobile is designed to work the way your employees work. That means versatility, scalability, and ease-of-use are key. Network administrators can assign different kinds of authentication to specific users, groups, or applications.
Mobile Push Notification – AuthPoint’s mobile device option sends push notifications to a user’s phone after they attempt to log in with their username and password. By responding to this push notification, users let AuthPoint know whether to accept or deny the access attempt.
QR Code — AuthPoint supports a QR code version that works with mobile devices as well. After a user attempts to sign into a machine with name and password, a heavily-encrypted QR code is generated onscreen which can then be read by the AuthPoint app on their mobile device.
One-Time Password (OTP) — Like FortiToken, AuthPoint Mobile is able to generate unique one-time passwords that temporarily act as authentication credentials for the AuthPoint app.
Multifactor Authentication & VPNs
Many of us will be working from home for the foreseeable future and Firewalls.com has seen a mad dash of small businesses trying to stay connected through secure remote access, virtual private networks, and email security. Solutions like WatchGuard IPSec VPN Clients are a great way to keep remote users safely tethered to company resources and applications, but the human factor always leaves vulnerabilities. Most VPN services require only a username and password combination, making them ripe targets for credential theft and phishing attacks.
Compromised VPNs present a greater threat than any single application or endpoint being infected. Once an attacker is able to win a foothold in a remote access tunnel, they’ve got a direct pipeline right back into the heart of your network. When most of your network’s users are reaching out through dozens of VPN tunnels, multifactor authentication becomes a must-have security feature, not a convenient add-on.