Security and usability are often seen as being at odds. Many 2FA solutions offer strong security but are difficult to implement. Companies don’t want to spend hours looking for ‘the right’ solution, so they often just choose the first solution they see, or they don’t bother to implement 2FA at all because of the difficulty, and ultimately move away from being a safer, more secure company. This leads to problems: when they do get hacked, they have no coverage, rush to find a 2FA solution, and end up picking one that is not compatible with their existing infrastructure. But what if there was a solution that was ‘the right’ solution, easy to implement, offered maximum security, and didn’t compromise your existing infrastructure?
Adding Fortinet Fortigate two-factor authentication beyond a username and password is a seamless experience when using an authenticator app such as LoginTC. To keep your access trouble free, there are a few things you may want to consider:
- Authentication timeouts: Setting proper authentication and connection timeouts gives VPN clients sufficient time to complete the second-factor authentication process.
- Connection attempts: Set the number of auto-connection attempts to one so that the VPN client does not connect to the VPN when users are unable to authenticate within the specified time.
- Auto reconnection: Disable auto reconnection so that the VPN client does not reconnect by default after being disconnected from the VPN.
- Maximum VPN session length: Increase the maximum session length to 8 hours or even longer. Some VPNs may require users to establish the connection again and reauthenticate once a specific period has elapsed.
- Challenge authentication mode: This mode presents users with a challenge, along with instructions on how to proceed after entering their username and password.
Using a Fortinet Fortigate two-factor authentication system can be a change for your employees. As an administrator, you want to make sure you’re implementing the right 2FA method, one that gives you the security you need but doesn’t compromise time and efficiency for the employees.
You want an authentication system that limits, if not eliminates, calls to your tech center and needs little to no guidance from the technical department. Here are some of the more common two-factor authentication methods:
Hardware Tokens
Hardware tokens are one of the original methods of authentication. They come as a small key-fob-like device that generates a unique code every 30 seconds. Once users submit the first authentication request (username and password), they take the key fob and enter the code the hardware token is displaying. Another form of hardware token is a USB device that, when inserted into a computer, displays a security code for the user to input.
Hardware tokens are generally more expensive for companies to issue to their employees and still pose a cybersecurity risk because they can easily be lost by users and cracked by hackers.
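The following is an added example, not code from the original article, LoginTC or Fortinet. It shows how a code that changes every 30 seconds can be generated and checked on the server side, assuming the token implements the standard TOTP algorithm (RFC 6238), which the article does not specify. The secret is the public RFC test value, and `verify`, `drift_steps` and `last_used_step` are names chosen for this example.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # code lifetime described in the text above
# Constructed sample: the shared secret used in the RFC 4226/6238 test vectors.
SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over an 8-byte big-endian counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """Code the token displays during the 30-second step containing unix_time."""
    return hotp(secret, unix_time // STEP_SECONDS, digits)


def verify(secret: bytes, submitted: str, unix_time: int, digits: int = 6,
           drift_steps: int = 1, last_used_step: int = -1):
    """Return the matched time step, or None if the code is rejected.

    drift_steps tolerates token clock drift; last_used_step rejects a code
    from a step that was already accepted (replay protection).
    """
    current = unix_time // STEP_SECONDS
    for step in range(current - drift_steps, current + drift_steps + 1):
        if step <= last_used_step:
            continue
        if hmac.compare_digest(hotp(secret, step, digits), submitted):
            return step
    return None


if __name__ == "__main__":
    code = totp(SECRET, 59)
    print("code at t=59:", code)
    print("accepted at t=89 (one step of drift):", verify(SECRET, code, 89))
    print("accepted at t=149 (expired):", verify(SECRET, code, 149))
    print("accepted again after use:", verify(SECRET, code, 59, last_used_step=1))
```

The drift window is why authentication timeouts matter: a code is only accepted for a short period around the step in which it was displayed.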
Text Message and SMS Notifications
Short messaging service (SMS) text messages are used after a user completes their initial authentication (username and password). When a username and password are entered, an SMS notification is sent to the user’s mobile device containing a unique one-time passcode, which the user then enters into the application service.
SMS notifications are generally used by banks or financial services to verify their customers’ purchases made through their online banking accounts. While this is an easy option to verify someone’s identity, they are trying to move away from this option as SMS and text messages can be easily intercepted.
Similar to SMS notifications, phone call verification is also a common method of authentication. When a user enters their login credentials, they will receive a call to their mobile device that tells them the code they need to enter.
Push Notifications
Push notifications are considered to be a form of passwordless two-factor authentication. Rather than receiving the code through an SMS notification or phone call, which can be hacked, users are instead sent a push notification through a secure authenticator app on their registered mobile device.
Push notifications through the authenticator app notify the user of the action that has been requested and alert them that an authentication attempt has been made. The user can either approve or deny the notification depending on whether or not they were the one trying to authenticate.
This method of authentication creates a connection between the app itself and the user who is attempting to access the network through the 2FA service provider. Push notifications are efficient and decrease the threat of security risks such as man-in-the-middle (MITM) attacks, phishing, and other unauthorized access attempts.
Push notifications, while more secure than SMS or voice calls, can still carry risks. If a user accidentally confirms an authentication request that wasn’t theirs, then a hacker can access the network. This isn’t likely to happen, but it’s still a possibility, which is why a user needs to carefully read the authentication request before approving or denying it.
When setting up your two-factor authentication solution, you want to make sure that you’re choosing a method that is easy to implement companywide and doesn’t compromise user efficiency. With LoginTC and Fortinet Fortigate 2FA authentication, you can ensure that your company has maximum security while also keeping your company access trouble free.