Two factor authentication
Many applications need passwords for logging in, and the number of applications is steady growing. People tend to use either one password for all applications, or a separate password per application, but have that written down somewhere. Both methods are insecure, such passwords are easily intercepted. Moreover, for many applications only a password as access security is insufficient. A password can fall very easily into the hands of third parties, by the means of keyloggers and Trojans that are present on systems without being known. A method that strongly reduces this risk is two-factor authentication (2FA).
What is Authentication?
Authentication is a part of a digital access control process:
- Identification: the disclosure of the identity of a user or application, such as a user name.
- Authentication: check wether the proof of identity is sufficient for entry. There are various forms of authentication.
- Authorization: a user or application is granted access.
Which authentication types are there?
- Knowledge: Something you know. For example, a PIN or password.
- Property: Something you have. For example a passport. Examples from the digital world are a token or smart card.
- Feature: A personal property. For example, a fingerprint or iris scan.
To reduce the possibility of 'cracking', multiple authentication types are combined. The use of an OTP token in addition to username / password authentication thus combines two factors: the password is "knowledge", the OTP token is the 'property'.
For OTP authentication there are OTP tokens available in various forms. This can be a token with a display, or a card reader such as used for banking. OTP tokens create on-demand passwords, called One-Time Passwords (OTP).
OTP is based on one of the following techniques:
- Event-based OneTimePassword
These cryptographic method is based on an incremental and sequential number. If the button is pressed on the token, the input value, together with the private key in the token creates a unique OneTimePassword. This type of token does not expire and is therefore very user-friendly.
- Time-based OneTimePassword
This cryptographic method is based on the time of the token and the server. If the button is pressed on the token, the current time together with the private key in the token creates unique OneTimePassword. The OneTimePassword change either every 30 or 60 seconds. This short validity minimizes the chance of interception.
PKI makes use of certificates. PKI authentication uses a certificate on a USB token or smart card and is therefore a highly secure form of authentication.
Log in to the Control Panel with 2FA
You can add extra security to your Xolphin account by activating Two factor authentication (2FA). You need an authenticator for the use of 2FA. The Control Panel supports Time-based authentication.