Security

Using XaaS for your business? Then you need one of these multifactor authentication apps

The password simply isn't secure anymore. Spyware, brute force attacks, dictionary attacks, and phishing can make circumventing passwords easy. Here are five tools to add an extra layer of security.

two-factor.jpg
Image: iStock/BeeBright

Passwords are dead, or at least they should be. Constant hacking and leaking of usernames and passwords leaves little doubt that companies can't be trusted to protect user data, and personally owned devices like PCs and smartphones have never been reliably secure.

In short there's no reason to assume that your password isn't going to be intercepted, hacked, or brute cracked.

Businesses large and small need to provide their employees and users with an extra layer of security, especially with so much work being done remotely in the modern era. Users of Facebook, Google, Amazon, and other large online companies are familiar with the most common way security is improved: Multifactor authentication, or MFA. There's no reason you can't add this extra layer of security to your business as well.

MFA adds a second security requirement on top of a password, generally a series of randomly generated numbers. They're single use, only allow access for a short period of time, and can be sent via SMS, email, or through a hardware token.

SEE: Your password is weak. Adaptive authentication can offer some armor. (TechRepublic)

SMS is the most commonly used method and is easy to incorporate into existing infrastructures. Here are five products that you can add in with just a few lines of code. None of them are cheap, but they are when you consider the alternative.

Celestix HOTPin

HOTPin offers tokenless logins that can be sent via SMS or through an app available on iOS or Android. It also allows users to scan a QR code for login, eliminating the need for sending a code.

In addition, it features a self-service portal for users, API access, and an SDK so that it can be integrated into a variety of platforms and systems.

SecureAuth IdP

SecureAuth's IdP offers "six layers of defense" to provide security greater than SMS verification alone. It analyzes the IP address of the login request, the geographic location, and the device itself, and stores IDs to check for fake profiles, behavioral biometrics, and the "geo velocity" of access requests from locations that are simply too far apart to be from a single source.

SecureAuth IdP also offers iOS and Android apps.

Twilio Authy

Twilio's MFA offering, Authy, has a mobile app for iOS and Android, can send SMS or voice messages, and will even provide transaction authorization to confirm that a user is actually signing in when their credentials are used with a yes/no response.

SEE: Worried about identity theft? Then you should avoid these password pitfalls (TechRepublic)

Authy says that its API is so basic that it can be added to web and mobile apps with fewer than 10 lines of code. If that's true it might be the simplest choice available.

Microsoft Azure

MFA through Microsoft Azure is perfect for businesses heavily invested in the Microsoft ecosystem. It can be deployed locally or through the cloud, is already baked into a variety of SaaS platforms, and is even priced per use for smaller offices.

If you're opting for Azure instead of AWS cloud services there's no reason not to choose the Microsoft route.

Like other platforms, Azure offers mobile authentication apps for iOS and Android.

Quest Defender

Quest Software, now owned by Dell, offers an MFA solution Called Defender. It is designed to integrate with Active Directory, so there won't be any need to duplicate or replace a user database, saving time and money.

Defender offers hardware tokens along with iOS and Android apps, giving administrators the choice of how users authenticate. It also offers service for Unix and Linux systems in the form of a pluggable authentication module, meaning all your systems will be secure.

About Brandon Vigliarolo

Brandon writes about apps and software for TechRepublic. He's an award-winning feature writer who previously worked as an IT professional and served as an MP in the US Army.

Editor's Picks

Free Newsletters, In your Inbox