Using a username and password together with a piece of information that only the user knows makes it harder for potential intruders to gain access.
However, the challenge is finding the right solution to suit your business practices. Three considerations when assessing potential solutions are:
- Cost – two-factor authentication can be on the expensive side, as it can bring potential cost increases for things like additional support, maintenance and training.
- Backup Options – there needs to be a backup plan in place in case a user loses their phone or token.
- Complexity – some physical authenticators require additional drivers, adding another dimension of complexity for deployment, support, and maintenance.
Protect the ‘Keys to the Castle’
One of our customers has taken an interesting approach to securing credentials within their organisation. With a limited budget and resources, they couldn’t apply two-factor authentication across their entire estate, so they focused on securing administration accounts for free, with the help of Duo Security.
Why focus on securing administration accounts?
Regularly changing administrator account passwords is even more important than regularly changing unprivileged user account passwords. There is only a certain amount of mischief an attacker can get up to with regular user access, but if they obtain the password of a systems administrator, they have the ‘keys to the castle’ and the entire organisation’s infrastructure is at risk.
- Unknown data movement due to forgotten legacy scheduled jobs.
- Insider misuse – vendor or (ex) employee – which is 6x more common than “hackers”.
- Cached local password secrets (and simple things like password entries in username fields of event logs, etc.) are susceptible to misuse.
Duo Security allows organisations to test out its solution with a lifetime free trial for up to 10 users. This customer decided to use this free trial to secure their most important users – system administrators.
Duo’s 2FA solution is simple and offers a variety of supported authentication methods to fit different business practices, such as SMS Passcodes, Phone Callbacks, Application push notifications and many more.
For more information about Duo Security or advice on selecting the right two-factor authentication solution for your organisation, fill in the form below to get in touch.