Multi-Factor Authentication

MFA is the foundational element of a zero trust security model. In order to protect sensitive data, you must verify that the users trying to access that data are who they say they are. MFA is an effective way to protect against many security threats that target user passwords and accounts, such as phishing, brute-force attacks, credential exploitation and more. When you integrate two-factor authentication with your applications, attackers cannot access your accounts without possessing the physical device needed to complete the second factor.

  • Easy, Effective and Secure
  • Zero Trust Made Simple
  • 2FA for Every Business

Overview
Two-factor authentication methods are based on a variety of technologies, most prominently one-time passwords (OTPs) and public key infrastructure (PKI). What is the difference, and which should you use for your organization?

One-Time Passwords
One-time passwords (OTPs) are a form of ‘symmetric’ authentication, where a one-time password is simultaneously generated in two places: on the authentication server and on the hardware token or software token in the user’s possession. If the OTP generated by your token matches the OTP generated by the authentication server, then authentication is successful and you’re granted access.
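
The token/server matching described above, as an added example (not code from this page or from any product it describes). It assumes HOTP (RFC 4226) as the OTP algorithm, which the page does not name; `Token`, `AuthServer` and the look-ahead window of 3 are hypothetical names and values chosen for illustration.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class Token:
    """User's hardware or software token: holds the shared secret and a counter."""
    def __init__(self, secret: bytes):
        self._secret, self._counter = secret, 0

    def next_code(self) -> str:
        code = hotp(self._secret, self._counter)
        self._counter += 1
        return code

class AuthServer:
    """Authentication server: holds the same secret and its own counter."""
    def __init__(self, secret: bytes, look_ahead: int = 3):
        self._secret, self._counter, self._look_ahead = secret, 0, look_ahead

    def verify(self, submitted: str) -> bool:
        # Accept a small window ahead of the server counter so that codes
        # generated but never submitted do not lock the user out.
        for c in range(self._counter, self._counter + self._look_ahead + 1):
            if hmac.compare_digest(hotp(self._secret, c), submitted):
                self._counter = c + 1  # resync; all earlier codes are now invalid
                return True
        return False

SECRET = b"12345678901234567890"  # RFC 4226 Appendix D test secret, never use for real

def demo() -> dict:
    token, server = Token(SECRET), AuthServer(SECRET)
    first = token.next_code()
    skipped = token.next_code()   # generated on the token but never submitted
    third = token.next_code()
    return {
        "first_accepted": server.verify(first),
        "replay_rejected": not server.verify(first),
        "third_accepted": server.verify(third),          # inside the look-ahead window
        "skipped_rejected": not server.verify(skipped),  # server counter moved past it
    }

if __name__ == "__main__":
    print(demo())
```

Because both sides derive the code from the same secret, anyone who obtains the server's copy of that secret can generate valid codes, which is the main operational difference from the PKI approach.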

PKI Authentication
PKI authentication is a form of ‘asymmetric’ authentication, as it relies on a pair of dissimilar encryption keys: a private encryption key and a public encryption key. Hardware PKI certificate-based tokens, such as smart cards and USB tokens, are designed to store your secret private encryption key securely. When authenticating to your enterprise network server, for example, the server issues a numeric ‘challenge.’ That challenge is signed using your private encryption key. If there’s a mathematical correlation, or ‘match,’ between the signed challenge and your public encryption key (known to your network server), then authentication is successful and you’re granted access to the network.