Multi-factor improves security and convenience

November 2015 Access Control & Identity Management

An effective strong authentication solution must be able to add security without adding significant costs or complexity. For today’s enterprise environments, an easy to use, simple to manage, strong authentication solution is ideal when working with the wide variety of users your organisation must support to protect you against the many known and yet to be discovered attacks out there. Here is a list of what a strong authentication solution provides:

• Two-factor or multi-factor authentication (MFA) to increase the confidence you have in your users’ identities, so you can grant them appropriate access.

• Differing levels of access based on the risks associated with different types of users and transactions. You should be able to deliver transparent, layered security capabilities to significantly increase your security, without impacting the user experience (at least not for users connecting from their trusted devices and locations). This can be achieved with solutions that provide:

o Advanced fraud detection capabilities that consider factors such as geographic location and device information when authenticating users, so you can limit access to trusted devices in trusted countries. Alternatively, users can be asked to use a supplementary, or more secure, method of authentication, such as a One Time Password sent over SMS, when connecting from devices or locations that are not on the trusted list.

o On-going behavioural analysis: For on-going authentication and improved forensics capabilities, the user activity is constantly monitored and analysed, to learn how a specific user behaves, so that deviations from that behaviour can be detected and alerted without impacting user experience or compromising privacy.

If a deviation occurs (e.g. someone else took over the computer), the application can choose to re-authenticate the user and/or add the event to an audit database for later forensic study. This method can actually be used to reduce the number of times a user actively needs to authenticate to a system for increased user convenience.
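The step-up and re-authentication logic described above, sketched as an added example (not code from the article or from any product). The trusted-country set, the 0 to 1 deviation score, its threshold and all names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# All values below are constructed for illustration (assumptions, not from the article).
TRUSTED_COUNTRIES = {"ZA", "GB"}
DEVIATION_THRESHOLD = 0.7   # assumed cut-off on a 0..1 behavioural deviation score

audit_log = []              # stands in for the audit database

@dataclass
class User:
    name: str
    trusted_devices: set = field(default_factory=set)

@dataclass
class Decision:
    action: str             # "allow", "step_up_otp" or "reauthenticate"
    reasons: list

def login_decision(user, device_id, country):
    """Logon: transparent access from a trusted device in a trusted country,
    otherwise ask for a supplementary factor. Missing signals fail closed."""
    reasons = []
    if device_id is None or device_id not in user.trusted_devices:
        reasons.append("untrusted_device")
    if country is None or country not in TRUSTED_COUNTRIES:
        reasons.append("untrusted_country")
    return Decision("step_up_otp" if reasons else "allow", reasons)

def session_check(user, deviation_score):
    """In-session: no prompt while behaviour matches the learned profile;
    a deviation triggers re-authentication and an audit record."""
    if deviation_score >= DEVIATION_THRESHOLD:
        audit_log.append({"user": user.name, "event": "behaviour_deviation",
                          "score": deviation_score})
        return Decision("reauthenticate", ["behaviour_deviation"])
    return Decision("allow", [])

if __name__ == "__main__":
    alice = User("alice", {"laptop-01"})
    print(login_decision(alice, "laptop-01", "ZA"))   # trusted context
    print(login_decision(alice, "kiosk-77", "ZA"))    # unknown device
    print(login_decision(alice, "laptop-01", None))   # geolocation unavailable
    print(session_check(alice, 0.2))                  # normal behaviour
    print(session_check(alice, 0.9))                  # possible takeover
```

Treating a missing device identifier or country as untrusted keeps a failed lookup from silently granting the transparent path.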

Accommodating the different access needs of your users while simultaneously protecting your resources from threats may seem like a constant challenge. However, as detailed above, strong authentication can deliver on both fronts.

Furthermore, today’s strong authentication model enables enterprises to create converged solutions that deliver secure logical access to the network and cloud-based services and resources, and secure access to buildings. Alongside this, it supports mobile security tokens that give users a convenient and secure access solution for smartphones or tablet use, enables the integration of intelligence for enhanced security, including device identification, and it also enables effective threat protection using multi-factor authentication as part of a multi-layered security strategy.

Strong authentication is gaining traction as an alternative, since it takes advantage of short-range connectivity technology such as Near Field Communications (NFC), popular in smart cards and a standard feature in smartphones and laptops. These devices can be used to gain access to resources by simply 'tapping in' to facilities, virtual private networks (VPNs), wireless networks, corporate intranets, cloud and web-based applications, and single sign-on (SSO) clients.

A data breach can be one of the events most harmful to a corporation’s reputation and its customers’ privacy. Organisations are strongly advised to take the necessary steps to counter the threat environment and protect their assets and customers. To combat the plethora of cyber threats that are able to gain unauthorised access to sensitive customer data, it is critical to adopt flexible, intelligent authentication and credentialing solutions that protect access to everything from the cloud, to data, to the door.

Why is MFA necessary?

Concentrating on securing the network perimeter and relying on static passwords is no longer an adequate option for enterprises as IT administrators grapple with challenges including Advanced Persistent Threats (APTs) and the vulnerabilities created by the Bring Your Own Device (BYOD) mobility model. Increasingly, the only reliable way to combat these escalating threats is to employ strong authentication and a multi-layered security strategy that spans remote access, key applications and servers, and cloud-based systems.

Past solutions did not provide sufficient security, were difficult to use, and their implementation was costly and complex. This has changed with the adoption of smartphones, smartcards and other smart devices that can carry secure credentials. Today’s strong authentication model enables enterprises to create converged solutions that deliver secure logical access to the network and cloud-based services and resources, and control physical access to buildings.

Besides improving cost, security and convenience, the tap-in strong authentication model enables enterprises to achieve true access control convergence via the same smartcard or phone. It also makes it possible to use many applications such as secure print management, cashless vending, and biometric templates for additional factors of authentication.

Steps to prevent data theft

1. Move past simple passwords to strong authentication

When hackers steal an employee’s access credentials, such as their username and password, they can then move through the network, often undetected, and upload malware programmes. Organisations should protect systems and data through strong authentication that relies on more than just something the user knows, like memorised passwords. There should be at least one other authentication factor, such as something the user has (like a computer logon token) and/or something the user is (like a biometric or behaviour-metric solution).

2. Take advantage of the improved convenience of a 'tap-in' strong authentication model

Users increasingly want a faster, more seamless and more convenient identity authentication solution than is possible with dedicated hardware, one-time passwords (OTPs), display cards and other physical devices. Now tokens can be carried on the same card used for other applications, or combined on a phone with cloud application single sign-on capabilities. Users can simply tap their card or phone to a personal tablet, laptop or other endpoint device to authenticate to a network. There are no additional tokens to deploy and manage, and the end-user has only one device to carry and no longer needs to remember or type a complex password.

3. Employ a layered IT security strategy that ensures appropriate risk mitigation levels

For optimum effectiveness, organisations should take a layered approach to security, starting with authenticating the user (employee, partner, customer), then authenticating the device, protecting the browser, protecting the application, and finally authenticating the transaction with pattern-based intelligence for sensitive transactions. Implementing these layers requires an integrated, versatile authentication platform with real-time threat detection capabilities. This platform, combined with an antivirus solution, provides the highest possible security against today’s threats.

Pros and cons

Strong authentication is a fundamental element of any security strategy. It helps establish trust in a user’s identity so they can gain risk-appropriate, secure access to corporate resources. However, not all authentication solutions are alike.

To be effective, the solution must be versatile enough to support a layered approach capable of optimally meeting an organisation’s unique needs. It should be able to support multi-factor authentication for all of an enterprise’s different users, and all of their different devices, such as personal phones, tablets, etc., so they can be granted permission to ensure secure access to an organisation’s resources (internal applications, VPNs, terminal services, as well as resources residing in public and private clouds). Enterprises need a solution that offers the flexibility to balance convenience with security and cost requirements – this is what strong authentication offers.

Furthermore, a strong authentication solution coupled with a single credential solution can streamline efficiencies and lower cost, while increasing security at the same time. Such a credential can take the form of a single ID badge, smart card or even the user’s mobile phone, and can be used for both physical and logical access, with nothing extra to carry or remember.

For example, this credential can be used to gain remote access to secure networks, replacing the need for a one time password (OTP) token or key fob. As mentioned, strong authentication enables users to securely connect to applications via multi-factor authentication to protect against breaches. A single, converged credential eliminates investments in separate physical and online security infrastructures, simplifies processes, reduces paperwork, and streamlines the overall management of your access control solution.

It can also eliminate the need for passwords and all the processes associated with password resets, etc. Combining strong authentication with a converged access credential enables you to minimise the time and costs associated with deploying and maintaining multiple credentials on smart cards, smart USB tokens, mobile phones and other devices for various functions. In doing so, security spend can be focused on those users and applications that need it most.

For today’s dynamic environments, an easy to use, simple to manage, strong authentication solution can best deliver on the requirements of both your users and your organisation. Choosing a strong authentication solution gives you the flexibility you need to support and secure the wide variety of users in your organisation, who are using a range of devices to access a number of resources and applications. Through its deployment, you can increase the trust you have in your users’ identities and effectively protect your organisation from the risks of today and tomorrow. As a result, you can securely connect users from any location through a variety of devices and authentication methods to help them conveniently get what they need, when they need it, to confidently drive your business forward.

For more information contact HID Global, +27 (0)82 449 9398.
