Multifactor Authentication: Methods, Use Cases, & Products: E-Guide

E-guide
Multifactor
Authentication:
Methods, Use
Cases, & Products
E-guide
In this e-guide
Exploring multifactor
Cyberattacks can lead to more than $1 million in losses for
authentication benefits and small to medium-sized businesses, and can exceed several
technology p. 2 million dollars for larger corporations.
Three examples of multifactor Multifactor authentication (MFA) security measures are a

authentication use cases p. 8
proven way to mitigate these threats. MFA methods pair a
standard username and password login with something in the
Purchasing multifactor
authentication tools: What to
user’s possession to ultimately prove that each user is who
consider p. 16 they claim to be.
Compare the top multifactor

In this e-guide:
authentication vendors p. 24
• Discover how MFA technology has evolved over the years
Explore multifactor
and new use cases
authentication products in-
depth p. 35 • Learn how to determine whether to use the technology
• Explore the costs and security risks associated with

About SearchSecurity p. 51
implementing MFA
Page 1 of 51
E-guide
In this e-guide
Exploring multifactor authentication
Exploring multifactor benefits and technology
authentication benefits and
technology p. 2 David Strom, Contributor
Three examples of multifactor

Multifactor authentication, or MFA, is an IT security technology method that
authentication use cases p. 8 requires an individual to provide two or more authentication factors to
confirm his identity for online transactions or to gain access to corporate
applications, networks and servers. Multifactor authentication benefits
authentication tools: What to include tighter security and user identity protection to avoid phishing scams.
consider p. 16
The goal of multifactor authentication methods is to increase the difficulty
for an adversary to exploit the login process and roam freely around
personal or corporate networks and compromise computers to steal
confidential information -- or worse.
Explore multifactor The three most commonly used authentication factors are:
depth p. 35 • the knowledge factor: Something only the user knows -- such as a
username and password, a PIN or answers to security questions;
• the possession factor: Something the user has -- such as a
smartphone, one-time passcode or smart card; and
Page 2 of 51
E-guide
• the inherence or biometric factor: Something unique to the user --

In this e-guide biometrics, such as a fingerprint, iris scan or voice recognition -- that
proves the user's identity.
Multifactor authentication combines two or all of these factors.
technology p. 2
MFA tokens: From key fobs to mobile apps

Hardware tokens, one of the oldest multifactor authentication methods, are
still in use today. A hardware token often comes in the shape of a key fob
Purchasing multifactor that displays a randomly generated, one-time password.
consider p. 16 When a user presses the button on the key fob, the screen displays a
sequence of numbers, typically for 30 to 60 seconds. Users must then
Compare the top multifactor accurately type this transient passcode sequence into the application or
authentication vendors p. 24 resource they are attempting to access before it expires.
The passcode generated by the key fob checks against a server located on
Explore multifactor
authentication products in- the enterprise network to ensure that they match. This server runs the
depth p. 35 identity management processes, sets up various security policies and
connects the tokens with the user directory stores, such as Active Directory
About SearchSecurity p. 51 or RADIUS.
Page 3 of 51
E-guide
If the number sequence matches the generated passcode, the user is

In this e-guide granted access. If not, he or she must start over by once again pressing the
button on the key fob to generate a new passcode.
authentication benefits and This technology has significant downsides, which is why traditional key fobs
technology p. 2 have fallen out of favor. Keeping track of hardware tokens is cumbersome,
and a user may not have the required token on hand when out of the office.
Three examples of multifactor Companies also face the added burden of having to deactivate key fobs for
authentication use cases p. 8 ex-employees or for users who lost their key fobs.
What is the answer to these problems? Mobile tokens and biometric

authentication tools: What to authentication.
consider p. 16
Various mobile apps function like hardware tokens and generate one-time
passwords, helping to alleviate the above issues.
authentication vendors p. 24 Additional second factors enabled by smartphones and other mobile devices
include using SMS texts, emails and cameras to scan QR codes that display
Explore multifactor on webpages when users are trying to sign into applications or perform
authentication products in- transactions.
depth p. 35
Now that many device makers have added fingerprint sensors and cameras
About SearchSecurity p. 51 sensitive enough to scan irises to their devices, organizations can choose
biometrics as one of the factors for multifactor authentication. Biometric
authentication relies on a user's unique biological characteristics, such as a
Page 4 of 51
E-guide
fingerprint or iris scan, to grant access to an application or other resource.

In this e-guide The biggest benefit of biometric authentication is that users don't have to
spend time entering long passcodes or PINs.
authentication benefits and However, biometrics does not have the ability to change codes like users
technology p. 2 can with a PIN or passcode. If compromised, there is no way to change
biometrics, leaving the company and user vulnerable.
The growing appeal of multifactor authentication
authentication tools: What to As passwords have become more insecure, the use of multifactor tools has
consider p. 16 moved from just IT workers to just about everyone in the enterprise,
especially those who have access to personal information.
In addition, with the proliferation of SaaS-based web services and the
number of reused passwords, multifactor authentication methods have
become more important, and they now appeal to small and midsize
Explore multifactor
businesses, as well. Another of the multifactor authentication benefits is that
the likes of Facebook, LinkedIn, Twitter, Google, Apple and numerous other
depth p. 35
vendors have adopted these tools to secure their own applications.
About SearchSecurity p. 51 If enterprises haven't started using and supporting multifactor tools yet,
they'll find it takes some effort to configure and deploy. The tools have many
moving parts, and enterprises will need specialists from different parts of
Page 5 of 51
E-guide
their IT organizations to coordinate and configure their infrastructures and

In this e-guide get protected logins working properly.
Exploring multifactor The most important of the multifactor authentication benefits is that the
authentication benefits and tools are somewhat easier to manage. They still require some integration
technology p. 2 effort, however. To that point, some of these products include various
software agents that can protect virtual private networks, SharePoint
Three examples of multifactor servers, the Outlook Web App and database servers, for example.
Finally, many providers have moved their traditional hardware-based, on-site
multifactor servers into the cloud. Most multifactor authentication vendors
authentication tools: What to offer both options, and many of their customers are choosing off-site
consider p. 16 deployments thanks to the flexibility the cloud offers in terms of support and
management.
The cost of multifactor authentication
Explore multifactor
The typical cost to deploy a multifactor authentication platform is a few
dollars per month, per token. However, this can add up to tens of thousands
depth p. 35
of dollars per year for companies that have a lot of users and tokens.
About SearchSecurity p. 51 Complicating the picture is that each vendor calculates the bottom line price
differently. Pricing options might include quantity discounts, multiyear price
breaks and 24/7 support fees. Some vendors charge on a per-token basis --
Page 6 of 51
E-guide
with differing rates for hard or soft tokens -- while some charge on a per-
In this e-guide user or per-server basis. Other vendors offer added components or
integration layers for an addition price.
authentication benefits and Overall, multifactor authentication tools are worth the hassle, especially as
technology p. 2 the number of password exploits continues to rise. Businesses need better
ways to protect user login information beyond the simple username and
Three examples of multifactor password combination.
The combination of a robust multifactor authentication product landscape
and user awareness of the importance of strong authentication means the
authentication tools: What to time is right for enterprises to consider multifactor authentication and its
consider p. 16 benefits.
Linda Rosencrance contributed to this report.

Next Article
Explore multifactor
depth p. 35
Page 7 of 51
E-guide
In this e-guide
Exploring multifactor authentication use cases

Multifactor authentication is one of the most cost-effective mechanisms
authentication use cases p. 8 enterprises can deploy to protect digital assets. In a world where credential
harvesting attacks are on the rise, better authentication has moved from a
nice-to-have to an absolutely essential technology.
With password breaches happening with alarming regularity, the need to
consider p. 16
improve authentication practices has reached critical levels. Deploying a
multifactor tool blunts the effect of excessive password reuse by requiring
users to have something more than passwords to authenticate their
identities. Multifactor authentication methods include biometrics and
hardware tokens to tighten security and keep out potential threats.
Explore multifactor
authentication products in- Before determining which multifactor products are right for the business, a
depth p. 35
company should first be aware of the following three basic operational
methods or scenarios. Depending on the IT infrastructure already in place,
About SearchSecurity p. 51 an enterprise may need one or more of these methods to protect its servers,
networks and data. Consider these three multifactor authentication use
cases.
Page 8 of 51
E-guide
In this e-guide
Scenario 1: Enhance RADIUS or Active Directory
identity stores
One reason to deploy multifactor authentication is to augment the security
technology p. 2
of traditional Remote Authentication Dial-In User Service (RADIUS) or Active
Directory (AD) identity stores to better validate users and strengthen login
capabilities. In this scenario, the identity request passes from AD or a VPN to
the multifactor server for an additional authentication step before it allows
the user to login to the network.
authentication tools: What to Because this was the original multifactor authentication use case for these
consider p. 16
tools, nearly all vendors support this operational method. Accordingly, if a
user's password is compromised, additional factors can ensure a person is
Compare the top multifactor actually the user attempting to log in. If an enterprise already has AD and is
authentication vendors p. 24 fairly confident its directory information is accurate, adding multifactor
authentication tools is often a relatively small and painless step toward
Explore multifactor better security.
depth p. 35 In addition, many VPNs come with some kind of built-in support for
multifactor authentication services, so the level of integration shouldn't be
About SearchSecurity p. 51 daunting in that regard. If companies are comfortable with handling various
Lightweight Directory Access Protocol or RADIUS servers in their shops, it
shouldn't be too hard to add additional authentication factors.
Page 9 of 51
E-guide
In this e-guide
Scenario 2: Web services authentication
Exploring multifactor Another operational use for a multifactor authentication deployment is using
authentication benefits and it as the identity provider for a web service like Google Docs or Salesforce
technology p. 2
cloud apps. In this scenario, a login request uses the Security Assertion
Markup Language (SAML) and trusted certificates between the app and the
Three examples of multifactor multifactor server for the additional authentication step. This is the method
used by Google and Apple to add second-factor features to users' Google
accounts and Apple IDs, respectively.
authentication tools: What to Additionally, if enterprises already use a variety of SaaS applications, they
consider p. 16 should consider adding multifactor authentication to better secure their
cloud application data.
authentication vendors p. 24 This method can also be used to secure logins as part of a bring-your own-
identity (BYOI) policy that uses the cloud to federate and manage identities.
Explore multifactor
Federation refers to sharing a single authentication process across multiple
servers or services. While BYOI makes it easier for users to log into multiple
depth p. 35
websites, it also makes it easier for exploits to propagate. With BYOI, a bad
actor that breaches one login then gains access to the user's accounts on
other federated sites. To address this issue, organizations need to deploy
multifactor authentication tools.
Page 10 of 51
E-guide
Multifactor authentication is also important to consider when employing

In this e-guide single sign-on (SSO) tools. For example, consumer packaged goods holding
company Post Holdings Inc. uses Okta's SSO product. Post's portal page
Exploring multifactor has connections to all of its SaaS services listed. New employees use an
authentication benefits and SSO tool that sets up their logins to all the appropriate services.
technology p. 2
In this case, users don't even need to know their passwords. The tools
Three examples of multifactor create a complex and unique password, which -- when combined with
authentication use cases p. 8 multifactor authentication -- significantly strengthens login security.
The advantage to this method of authentication is that IT doesn't have to

authentication tools: What to touch the apps sitting in the cloud to improve login security; once a user
consider p. 16 provides additional factor information, the user can then log into the web
service directly.
The downside of this method is that not every web service provider or
multifactor vendor supports SAML. Meanwhile, some vendors require
separately purchased products to provide SAML authentications.
Explore multifactor
depth p. 35
Scenario 3: Web server authentication
About SearchSecurity p. 51 By adding code, such as Simple Object Access Protocol, Perl or JavaScript,
to the pages of a web server, multifactor authentication secures logins to
Page 11 of 51
E-guide
the server itself. The code makes the connection between the server and a
In this e-guide multifactor vendor's services.
Exploring multifactor This can be relatively simple to enable, especially for on-premises web apps.
authentication benefits and Users can adjust pages quickly, provided they understand the nature and
technology p. 2 security implications of the code they are adding to the pages. On the other
hand, it can be nearly impossible when a managed service doesn't allow
Three examples of multifactor users to touch the code.
This operational method can be a workable alternative in instances where a
multifactor authentication product doesn't yet support SAML logins, or when
authentication tools: What to customized web apps need just a few lines of code to make the login more
consider p. 16 secure.

authentication vendors p. 24 Multifactor authentication preparation: Questions
and obstacles
Explore multifactor
When evaluating multifactor authentication products, companies should
depth p. 35 carefully look at how each one differs subtly with regard to the three
operational methods of deployment. Multifactor authentication methods
vary, and not every vendor can handle all three use cases equally well. This
reality often plays a factor in product selections. Companies should also
focus on the three multifactor authentication use cases when shopping for a
product.
Page 12 of 51
E-guide
Here are some things to consider when selecting a multifactor

In this e-guide authentication approach/product:
Exploring multifactor • How sensitive is the information users are accessing? If the answer is,
authentication benefits and "not very," then a business can probably stick with its existing
technology p. 2 authentication methods. An enterprise that allows users to access
sensitive information like its customer data should really employ
multifactor authentication.
authentication use cases p. 8 • Is compliance an issue? Government regulations require
organizations in some sectors to implement stronger security
Purchasing multifactor measures to ensure the data is secure. These industries are mainly in
authentication tools: What to finance and healthcare, with stricter standards placed on their data
consider p. 16 due to patient confidentiality. Many regulations, like HIPAA and the
New York Department of Financial Services (NYDFS) for example,
mandate companies implement multifactor authentication so only
Compare the top multifactor authorized individuals have access to sensitive information. HIPAA
authentication vendors p. 24 provides a compliance checklist to ensure multifactor authentication
use. Enterprises must also be able to prove they comply with these
Explore multifactor regulations. Businesses should confirm each vendor under
authentication products in- consideration provides an audit log (a record of system activities, for
depth p. 35 compliance purposes).
• Does the business require the ability to scale up deployment? While

About SearchSecurity p. 51 most multifactor authentication products handle tens of thousands of
tokens and users, they also have the ability to serve smaller
enterprises. Be sure to consider future licensing costs.
Page 13 of 51
E-guide
• Where is the workforce located? The location of a company's

In this e-guide employees will likely influence which multifactor authentication
approach it selects. For instance, an organization whose workforce
spreads out around the world might opt for a mobile app rather than a
physical device.
technology p. 2
• Are employees already using the two-factor tools available with some
consumer services? If not, enterprises should spread the word and
Three examples of multifactor get them to make use of the second-factor option on common cloud
authentication use cases p. 8 services like Google, Facebook, Twitter. After all, these services
already utilize multifactor authentication, and it won't cost anything
other than a small amount of training to try them. This is something
enterprises can expand on should they deploy multifactor
authentication internally.
consider p. 16
Finally, before starting down the road toward picking a multifactor

Compare the top multifactor authentication vendor, carefully consider the following before deployment:
• If a company doesn't have its Active Directory act together,
Explore multifactor multifactor is a painful way to get there. Start by pruning the directory
authentication products in- store to make sure it is accurate before beginning deployment. Every
depth p. 35 authentication approach requires up-to-date information on who
should have access, so it's critical companies keep the directory
updated when users leave the company or new users are given
About SearchSecurity p. 51 access.
Page 14 of 51
E-guide
• An organization needs to be sure the authentication tool it selects is

In this e-guide able to connect to and work with its existing databases, including the
database that contains employee data.
• A business with a mobile device management system has to be sure it
is compatible with the authentication management system since many
technology p. 2
authentication approaches influence mobile devices.
Three examples of multifactor • If a business mostly uses on-premises servers, it might be better off
authentication use cases p. 8 using Windows Server's built-in password-strengthening policies, at
least to start. Monitor how much users push back when they have to
regularly change passwords and make them more complex.
Making a business case for multifactor authentication clearly requires some
consider p. 16
forethought and planning. Companies can apply numerous multifactor
authentication use cases for the technology in different ways to different
parts of an IT infrastructure. Understanding how multifactor authentication
operates ahead of time will be helpful when it comes time to select a
provider.
Explore multifactor
depth p. 35
About SearchSecurity p. 51 Next Article
Page 15 of 51
E-guide
In this e-guide
Purchasing multifactor authentication
Exploring multifactor tools: What to consider

Many different multifactor authentication products are available on the
authentication use cases p. 8 market, and while they all have the potential to improve security, they often
do so in subtly different ways -- which can make them easier or harder to
deploy, depending on the particular circumstances of a business.
However, companies sometimes spend money on a security product but
consider p. 16
then fail to install, configure, administer or manage the product in a secure
way. On top of this, prices vary widely. The range from the lowest to most
expensive platforms per user, per device can span an order of magnitude.
This means enterprises should shop carefully when it comes to buying

Explore multifactor multifactor authentication tools and know what is included and what will cost
authentication products in- extra to support a particular installation. To get the process moving, ask the
depth p. 35
following questions.
Page 16 of 51
E-guide
In this e-guide
Do I need to give non-employees access to corporate
resources?
Conduct an end-user device census if possible. This will help your enterprise
technology p. 2
understand the total population it needs to protect with these tools.
Enterprises should pay close attention to which offices non-employees
connect to; whether they are consultants, partners or contract workers; and
whether their corporate Active Directory stores already list those users.
Purchasing multifactor Companies with a geographically distributed workforce may be better off
authentication tools: What to using mobile apps or software-based tokens rather than physical ones.
consider p. 16
Depending on the results of the census, enterprises may find they're better
off securing traditional VPNs or terminal servers with additional factors for
Compare the top multifactor remote access. If so, companies should look at the vendors that support
authentication vendors p. 24 their VPNs to make integration easier.
Explore multifactor
authentication products in- How does the multifactor authentication software
depth p. 35
connect to my Active Directory store?
About SearchSecurity p. 51 Some multifactor authentication tools add agents, some make use of web
services, some provide two-way synchronization and some go only one way.
Page 17 of 51
E-guide
In this e-guide
Should I purchase a cloud-based multifactor
authentication server?
This decision depends on if your organization is a server-hugger and how
technology p. 2
widely the company has deployed its own assets in the cloud. How many
cloud apps does it currently support and what are its plans for the future?
The more apps and servers an enterprise has in the cloud, the more the
organization will want to deploy multifactor tools to make use of its own
cloud-based services rather than on-premises servers.
authentication tools: What to Some vendors offer both versions but with different functionality. Others
consider p. 16
charge differently for cloud-based services.
Compare the top multifactor The cloud-based multifactor authentication benefits include eliminating the
authentication vendors p. 24 need to install and maintain on-premises platforms and the associated local
infrastructure. Because cloud-based multifactor products can be easier to
Explore multifactor set up, they can be especially appealing to smaller organizations, as well as
authentication products in- with those that already have a significant collection of cloud servers in their
depth p. 35 own IT infrastructures. Cloud-based platforms can also help companies
increase flexibility, as well as save on management and help desk costs
About SearchSecurity p. 51 compared to on-premises platforms.
Page 18 of 51
E-guide
In this e-guide
Which servers or applications are most at risk?
Exploring multifactor Before buying any multifactor authentication tool, look closely at the apps
authentication benefits and the tool supports and how the tool supports those apps.
technology p. 2
Start by implementing multifactor authentication for the most at-risk
Three examples of multifactor applications and those that contain the most sensitive data. Then, work
authentication use cases p. 8 down the list to those apps that are less sensitive or critical to determine
whether the cost of the deployment -- and the risks multifactor
Purchasing multifactor authentication can mitigate -- provides enough ROI.
consider p. 16 Some organizations start by deploying multiple factors to protect remote
access, and then move onto more mission-critical enterprise applications.
Others do the reverse. Either way, admins must carefully look at the
authentication vendors p. 24 documentation available to configure and debug the installation of each
supported app.
Explore multifactor
Why? Because the debugging phase requires a lot of time and companies
will need all the help they can get. It's important to take this into
depth p. 35
consideration when purchasing a multifactor authentication tool, as some
servers are more at risk than others.
Page 19 of 51
E-guide
In this e-guide
Will users need multiple types of tokens and access
methods?
Some multifactor authentication devices are better at handling multiple
technology p. 2
tokens and access methods than others. Some vendors set up pricing to
make it easier or harder to handle multiple token types.
authentication use cases p. 8 Meanwhile, some let customers set up multiple token types for each user for
authentication. This allows a user to choose whichever token is most
Purchasing multifactor convenient at login time.
consider p. 16
What is the process to bypass or revoke access for a

Compare the top multifactor particular token?
Be sure to examine what happens when a user needs to bypass a token.
Explore multifactor Users might need to contact the help desk to bypass the system as a last
authentication products in- resort because they can't log into their accounts after repeatedly entering
depth p. 35 their usernames/passwords and two-factor authentication, and then taking
all the other steps necessary to gain access to those accounts. What would
About SearchSecurity p. 51 the process be from the perspective of the enterprise support desk?
Page 20 of 51
E-guide
The flip side of this is how access is set up for hundreds of users and
In this e-guide understanding the workflows involved. Look at how each product creates
and modifies its security policies and whether it provides a consistent set of
Exploring multifactor policies across the entire user base or if the policy collections differ
authentication benefits and depending on the token types or mobile OSes.
technology p. 2
Three examples of multifactor How much business do end users conduct on mobile
devices?
Purchasing multifactor Ensure any multifactor authentication tool supports the current inventory
authentication tools: What to and versions of mobile devices. This means organizations must optimize the
consider p. 16
identity authentication experience around mobile use cases.
Compare the top multifactor Part of the product evaluation should be to determine if the products
authentication vendors p. 24 support a particular mobile operating system, how the product supports it,
as well as the difficulty of the sign-on process. This evaluation is worth it
Explore multifactor once the tool is implemented and users begin seeing the multifactor
authentication products in- authentication benefits.
depth p. 35
About SearchSecurity p. 51 Do I need Fast ID Online Alliance support?

Fast ID Online (FIDO) is a set of technology-agnostic security specifications
for strong authentication.
Page 21 of 51
E-guide
Developed by the FIDO Alliance, a nonprofit organization that seeks to

In this e-guide standardize authentication at the client and protocol layers, FIDO
specifications support multifactor authentication and public key
Exploring multifactor cryptography. If enterprises are serious about deploying multifactor tools,
authentication benefits and they'll want to give this more weight. Organizations should also consider
technology p. 2
including future support as part of their multifactor requirements or requests
for proposals.
authentication use cases p. 8 At least 465 devices support the FIDO Alliance's authentication standards
as of 2018.
consider p. 16 How are authentication reports scheduled and
exported?
authentication vendors p. 24 Each multifactor authentication product provides a variety of reports -- most
designed for technical staff, while others are more suitable for management.
Explore multifactor Some products have many export options, as well.
depth p. 35 Reporting data is crucial, so enterprises need to look at how a multifactor
authentication tool generates and distributes those reports.
Page 22 of 51
E-guide
In this e-guide
How many multifactor authentication elements need
to be installed?
Some vendors have multiple server software components or multiple identity
technology p. 2
agents. Others are less complex. The decision to purchase multifactor
authentication tools should depend on an organization's needs, as well as
the resources available to implement and support the software.
Should I purchase a single sign-on product with
consider p. 16 multifactor authentication included?
Single sign-on (SSO) is great if an organization already has a lot of uniformly
used SaaS and web apps across the enterprise and wants to provide end-
user sign-on portal pages to access all of them. SSO falls down, however, if
users' app portfolios vary widely or if they don't support the collection of
Explore multifactor multifactor methods.
depth p. 35 Linda Rosencrance contributed to this report.
Next Article
Page 23 of 51
E-guide
In this e-guide
Exploring multifactor authentication vendors

Multifactor authentication products can provide significant benefits to an
authentication use cases p. 8 enterprise, but the technology is complex, and the tools themselves can vary
greatly from vendor to vendor.
It's helpful to examine sample use cases for specific tools to show how a
vendor's product can meet the multifactor authentication (MFA) needs and
consider p. 16
requirements of an enterprise.
Compare the top multifactor Here are four of the leading products in the MFA space:
• RSA Authentication Manager, the platform behind its SecurID
Explore multifactor
technology;
• Symantec VIP -- Validation and ID Protection;
depth p. 35
• CA Strong Authentication; and
• OneSpan Authentication Server -- formerly Vasco Identikey
Authentication Server.
All four are well-established multifactor authentication tools that can handle
a wide variety of situations, token types and applications.
Page 24 of 51
E-guide
RSA Authentication Manager Server can be deployed in AWS, enabling

In this e-guide organizations to move their RSA Authentication Manager infrastructure to
the cloud. VMware and Microsoft virtual environments, as well as hardware
Exploring multifactor appliances with preloaded software, support RSA Authentication Manager.
technology p. 2 Symantec VIP is a cloud-based service with multiple software agents that
delivers strong authentication without requiring a dedicated on-premises
Three examples of multifactor hardware server.
CA offers two separate MFA products with different names -- the cloud
service is called Secure Cloud and the Windows version is called Strong
authentication tools: What to Authentication.
consider p. 16
OneSpan Authentication Server supports all Vasco authentication
technologies, including multifactor authentication software tools and
Digipass tokens.
None of the four major multifactor authentication products deliver the top
Explore multifactor three authentication applications -- Active Directory, web services
authentication products in- verification and web server augmentation -- together in a single product.
depth p. 35
Rather, each requires add-on modules for either Security Assertion Markup
Language (SAML) or Active Directory support.
For example, RSA's Authentication Manager collaborates with its Adaptive
Federation product to provide SAML web services integration, and
Page 25 of 51
E-guide
Symantec VIP requires the company's VIP Enterprise Gateway to integrate

In this e-guide with Active Directory.
Exploring multifactor This is typical of the MFA product space, and it's why it's so important to
authentication benefits and understand which applications -- and under which circumstances -- an
technology p. 2 organization may want to deploy for additional factors.

Speaking of add-ons, before selecting an MFA product based on its
authentication use cases p. 8 application support, it's important to understand how each product delivers
that support. All four of the top multifactor authentication vendors' products
contain multiple server software components or agents that need
authentication tools: What to installation to strengthen logins for programs such as Outlook or SharePoint
consider p. 16 servers.
While this helps widen a company's reach, it also increases the level of
complexity of installation and operation, as multiple pieces need to be
configured and tracked. Some multifactor authentication vendors' products
have both cloud and on-premises pieces that need to work together to
Explore multifactor
authenticate users to both kinds of servers and services.
depth p. 35
Enterprises may want to consider a single sign-on (SSO) product instead of
an MFA product for certain circumstances. However, you can also
About SearchSecurity p. 51 coordinate MFA with SSO tools -- see sidebar on SSO versus MFA for more
on how to make this decision.
Page 26 of 51
E-guide
In this e-guide
SSO or MFA: Which authentication method is
better?
As you consider MFA products, you should also consider how to coordinate
technology p. 2
them with SSO tools. Integrating MFA with SSO enables you to define
stronger security policies for accessing systems that are very sensitive.
authentication use cases p. 8 What is happening, though, is SSO vendors are branching out into the MFA
space with support for a variety of tokens and access
Purchasing multifactor methods. SecureAuth and Ping Identity are products typical of this genre.
authentication tools: What to Why would an enterprise use SSO rather than a pure-play MFA tool? There
consider p. 16
are a few reasons.
Compare the top multifactor First, if a company uses a lot of cloud-based services, it may want a better
authentication vendors p. 24 mechanism for users to connect to them. If provisioned correctly, an SSO
tool can sign onto these services automatically, all without users having to
Explore multifactor remember their passwords -- and with very strong passwords to boot.
depth p. 35 Many of the more popular cloud services support the SAML 2.0 standard,
which is what most SSO tools use to create their connection. If an
enterprise's set of services doesn't yet support SAML, then the organization
probably won't be happy with either SSO or MFA tools. However, if most of a
company's apps are inside its data center, then it will probably want to make
Page 27 of 51
E-guide
use of multifactor authentication tools that offer dedicated hardware or

In this e-guide software appliances to protect these resources.
Exploring multifactor Second, if companies are less concerned about the additional authentication
authentication benefits and factors than about overall identity preservation and integrity, then SSO may
technology p. 2 be a better option. However, if an organization has one or two internal apps
that it must protect with multiple factors, then it will probably be better off
Three examples of multifactor going the MFA route.
There is also the option of integrating both SSO and MFA together, which
companies usually offer, as well.
consider p. 16
Complexity workflow
Part of the evaluation process with MFA tools is observing how normal, day-
to-day activities function with these systems, such as registering new tokens
and new users, setting up protection for a new application, modifying
Explore multifactor
security policies, and figuring out why a user can't log into corporate
applications.
depth p. 35
Some of the products offer a lot more flexibility when it comes to token
About SearchSecurity p. 51 workflow processes. This reflects -- in part -- how long they have been in the
multifactor business. For example, some products enable enterprises to add
additional factor authentication steps at various places in the login dialogs.
Page 28 of 51
E-guide
Others have more limitations, such as programs that place users in a self-
In this e-guide service portal where they can set up their multifactor authentication
particulars.
technology p. 2
Reporting
Three examples of multifactor All four of these products include different reports and various format
authentication use cases p. 8 export options.
CA Strong Authentication includes reports to track administration, user

authentication tools: What to authentication and transactional -- including login -- risk assessment. The
consider p. 16 product works with most major applications, including VPNs, the Outlook
web app, Salesforce and SharePoint.
OneSpan Authentication Server provides extensive XML or HTML-formatted
reporting for help desk troubleshooting, system and security auditing, as
well as for accounting purposes.
Explore multifactor
authentication products in- Reporting is one of the weak areas in RSA's Authentication Manger. While it
depth p. 35
has more than 30 different types of reports, most are glorified log files.
Users can schedule and export these reports in numerous formats, however,
About SearchSecurity p. 51 which is a plus.
Page 29 of 51
E-guide
While Symantec VIP offers fewer customizable reports than its competitors,
In this e-guide it does provide exporting capabilities, which is the minimum its competitors
offer.
authentication benefits and All of the leading MFA products, however, offer the ability to schedule
technology p. 2 specific reports and have real-time monitoring for alerts and other activities.

authentication use cases p. 8 MFA tools and the rise of risk-based authentication
The top multifactor vendors are adding the ability to strengthen their
authentication tools: What to authentication methods with a relatively new mechanism that is variously
consider p. 16 called risk-based authentication (RBA) or adaptive authentication. This
mechanism allows their customers to screen login requests and score them
Compare the top multifactor based on a particular behavioral corporate network.
How does RBA work?
Explore multifactor Access to a particular business application goes through a series of trust
authentication products in- hurdles, with riskier situations requiring more security, so users don't
depth p. 35
necessarily know their logins are being vetted more carefully. Moreover, this
all happens in real time, just like the typical multifactor methods. This is
About SearchSecurity p. 51 similar to how many next-generation firewalls operate with their own risk
scoring tools of internal network packet behavior.
Page 30 of 51
E-guide
Risk-based authentication uses elements such as the following:

In this e-guide
• Role-based authentication: Is the user a member of a privileged class,
Exploring multifactor such as network administrators or account supervisors? If so, they
authentication benefits and need to pass a more stringent authentication dialog.
technology p. 2 • Location-based authentication: Either by detecting a user's physical
endpoint or a specific geographic location. For example, if the user
logged in ten minutes ago from Canada and is now trying to log in
Three examples of multifactor from China, that is definitely considered a higher-risk transaction.
authentication use cases p. 8 Other attributes can figure into the overall risk score, too.
• Activity-based authentication: For example, large-value account
Purchasing multifactor transfers have a higher risk associated with them than a balance
authentication tools: What to inquiry.
consider p. 16
• Changes in usual transaction patterns: If a user is doing something
that doesn't match his or her purchase history, then that is a riskier
transaction and authentication requests and logins will be challenged
Compare the top multifactor with additional authentication measures. Challenging unusual
authentication vendors p. 24 spending patterns creates a barrier that a hacker or fraudster can't
easily circumvent without doing the customer the disservice of
Explore multifactor
demanding such authentication in a blanket manner.
depth p. 35
Pricing can get complicated when RBA mechanisms are added to the MFA
equation, however. As an example, with Symantec's VIP multifactor
authentication product, RBA adds an extra charge of $3 per circumstance
before a customer can add a user per month to the price tag. This makes
calculating the ultimate price tag that much more complex.
Page 31 of 51
E-guide
In this e-guide
Mobile support
Exploring multifactor As more workers use their mobile devices for their computing needs, MFA
authentication benefits and vendors have to support logins from mobile devices and web-based
technology p. 2
applications. Enterprises may also want a way to store multiple factors on
users' phones and tablets so they don't have to carry -- and the company
Three examples of multifactor doesn't have to deploy and support -- traditional, hardware-based key fob
tokens.
Purchasing multifactor Each of these four products still supports the four mobile operating systems
authentication tools: What to most commonly found in enterprises: Apple iOS, Android, Windows Phone
consider p. 16 and BlackBerry. This is true for most multifactor authentication vendors
these days, so it shouldn't be an issue except in the case of aging phone
Compare the top multifactor OSes or the odd Android handset in the mobile fleet that a chosen vendor
authentication vendors p. 24 does not cover.
Explore multifactor
Be sure to check the fine print for the supported OS versions when
authentication products in- investigating multifactor authentication tools.
depth p. 35
Multiple token support
RSA, Symantec and OneSpan are top choices when it comes to tokens.
Each product has a wide collection of hardware and software tokens that
Page 32 of 51
E-guide
deploy as additional authentication factors if necessary. This gives them the

In this e-guide most flexibility in terms of securing particular logins and services that can
meet just about any situation.
authentication benefits and Meanwhile, some of the products, such as Symantec's VIP, offer desktop
technology p. 2 software in addition to their mobile apps to run the one-time password
generators. While this can be a useful feature, unless most of a business'
Three examples of multifactor users are exclusive to their desktops, it's probably not a reason to choose
authentication use cases p. 8 one product over other MFA products.
authentication tools: What to FIDO support
consider p. 16
Many vendors -- and other organizations -- with an interest in MFA are
members of the FIDO Alliance, including RSA, CA Technologies, SafeNet
authentication vendors p. 24 and OneSpan.
FIDO's goal is to consolidate authentication across a wide swath of web-

Explore multifactor
based resources and remove the need to store the digital identity on any
particular site. Only two of these four major multifactor authentication
depth p. 35
vendors, RSA and OneSpan, offer FIDO-certified products, however.
Page 33 of 51
E-guide
In this e-guide
Conclusion
Exploring multifactor Any of these four MFA products would do a solid job providing multifactor
authentication benefits and authentication protection. All of them support mobile token methods, have
technology p. 2
somewhat flexible authentication methods and have moved into risk-based
methods.
authentication use cases p. 8 The differences are more a matter of packaging, pricing and whether an
organization's staff can understand and act upon the various reports the
Purchasing multifactor products produce. These four products should be in the starting lineup for
authentication tools: What to any requests for proposals or pilot projects.
consider p. 16
Next Article
Explore multifactor
depth p. 35
Page 34 of 51
E-guide
In this e-guide
Explore multifactor authentication
Exploring multifactor products in-depth
technology p. 2 Linda Rosencrance, Contributor

Multifactor authentication requires users to provide multiple methods of
authentication use cases p. 8 identification beyond the simple username and password to confirm their
identities to then gain access to corporate networks and applications, as
well as to perform online transactions.
Because so many vendors offer multifactor authentication (MFA) products
consider p. 16
and services, choosing the right one can be overwhelming. Here is a list of
multifactor authentication products on the market to help get enterprises
started.
Explore multifactor
AuthPoint
depth p. 35
AuthPoint is a cloud-based MFA tool from WatchGuard Technologies Inc.
aimed at small to midsize businesses.
Page 35 of 51
E-guide
Deploying and managing WatchGuard's AuthPoint is possible from any

In this e-guide location, without the need for expensive hardware. The service relies on
WatchGuard’s AuthPoint app to simplify user authentication.
authentication benefits and The company collaborates with many third parties to develop integrations
technology p. 2 for stronger security, easier deployments and better interoperability in
companies' IT environments, enabling customers to use MFA to protect
Three examples of multifactor access to their networks, VPNs and cloud applications.
The features of AuthPoint include:
• AuthPoint Mobile App: Enables users to view and manage any login
attempts using push notifications, one-time passwords or QR code
consider p. 16
entries for users who are offline. A company press release claims,
"The app is equipped to store third-party authenticators such as
Compare the top multifactor Google Authenticator, Facebook access and Dropbox."
authentication vendors p. 24 • Mobile device DNA: Distinguishes cloned login attempts from
legitimate ones. "The AuthPoint app creates personalized 'DNA'
signatures for users' devices and adds them to the authentication
Explore multifactor
calculation," the same press release claims. Consequently, AuthPoint
will reject authentication messages not originating from a legitimate
depth p. 35 user's phone.
• Cloud-based management: Enables companies to save money on
About SearchSecurity p. 51 deployment and management, as it doesn't require on-premises
equipment. Also offers an intuitive interface so businesses can view
reports and alerts, as well as configure and manage deployments.
Page 36 of 51
E-guide
• Supports the Security Assertion Markup Language (SAML) standard:

In this e-guide Allows users to log on once to access a full range of applications and
services.
technology p. 2 Editor's note
Using extensive research into the MFA market, TechTarget editors focused
authentication use cases p. 8 on the vendors that lead in market share, plus those that offer traditional
and advanced functionality. Our research included data from TechTarget
surveys, as well as reports from other respected research firms, including
authentication tools: What to Gartner and Forrester.
consider p. 16

CA Strong Authentication
CA Strong Authentication, from CA Inc., is a multifactor authentication
product that adds support for additional credentials -- including using
Explore multifactor
biometrics and smartphones -- to standard username/password logins for a
variety of servers and services, including Active Directory, Salesforce
depth p. 35
and the Outlook web app. The product helps enterprises deploy and
manage a number of authentication methods, including passwords,
knowledge-based authentication, as well as two-factor software tokens and
hardware credentials.
Page 37 of 51
E-guide
CA Strong Authentication also provides out-of-band authentication

In this e-guide methods, such as SMS, email or voice delivery of one-time passwords. In
addition to supporting two-factor authentication with VPNs, CA Strong
Exploring multifactor Authentication can protect access and transactions from PCs, laptops,
authentication benefits and tablets and mobile phones.
technology p. 2
One drawback of using CA Strong Authentication is having to manage and
Three examples of multifactor coordinate multiple pieces. That can be a plus for users that don't need
authentication use cases p. 8 multiple components however, because they don't have to pay extra for
them.
authentication tools: What to The capabilities of CA Strong Authentication include the following:
consider p. 16
• it supports a wide variety of credentials, including passwords,
knowledge-based authentication methods, two-factor software and
Compare the top multifactor hardware tokens;
authentication vendors p. 24 • it eliminates the risk of stolen password files because it never stores
passwords;
Explore multifactor • it adapts workstations, smartphones or tablets into a second-factor
authentication products in- token;
depth p. 35
• it offers a wide variety of integration options, such as integration with
SAML, APIs and Remote Authentication Dial-In User Service
(RADIUS);
About SearchSecurity p. 51 • it shields users without corrupting an organization's web applications
or network performance; and
• it's available as a cloud service, managed services provider-hosted
service or on premises, according to a company brochure.
Page 38 of 51
E-guide
In this e-guide
Interoute MFA
Exploring multifactor Interoute MFA, a cloud-based service from Interoute Communications Ltd.,
authentication benefits and enables organizations to replace user-generated passwords with one-time
technology p. 2
codes generated by hardware or software-based tokens. This software
offers strong authentication to help enterprises protect assets, validate
Three examples of multifactor authorized users and ensure regulatory compliance.
Interoute provides management services via a secure VPN access service
Purchasing multifactor that has firewalls at each end, ensuring a separate connection for each
authentication tools: What to client. The company also offers a flexible approach, allowing customers to
consider p. 16 purchase some or all of the services covered by its multifactor
authentication tool.
authentication vendors p. 24 The features of Interoute MFA include:
• Software-based tokens: Installed on users' computers or mobile

Explore multifactor devices. Hardware tokens are available if required.
authentication products in- • Universal usage: Supports a wide range of operating systems and
depth p. 35 users can run it on PCs, laptops, tablets or phones.
• Self-service portal: Organizations retain control over user admin
About SearchSecurity p. 51 account to take actions such as token re-synchronization and PIN
changes.
• Easy integration: Integrates with a wide range of integration products,
including RADIUS, SAML, APIs and agents.
Page 39 of 51
E-guide
• Reporting: Makes token usage logs and any authentication events

In this e-guide available via companies' web portals.
• Comprehensive security options: According to the website,
"Complements access via IPsec or SSL [Secure Sockets Layer] and
also offers standalone services for enterprises' specific needs, such
as web servers or access to cloud services."
technology p. 2

Okta Adaptive Multi-Factor Authentication
Okta Inc. Adaptive Multi-Factor Authentication enables organizations to
Purchasing multifactor provide employees and customers with a secure way to access the tools
they need.
consider p. 16
Okta Adaptive MFA features risk-based authentication that uses contextual
Compare the top multifactor access policies. Based on a user's location, IP address or device, Okta
authentication vendors p. 24 Adaptive multifactor authentication products can provide the right step-up
authentication factor to provide the user with secure access. Administrators
Explore multifactor can define the types of factors users need for access based on their role in
authentication products in- the company.
depth p. 35
The Okta Adaptive MFA product supports push-based and soft token
About SearchSecurity p. 51 authentication. Through a partnership with Yubico, users also have the
option of hard token authentication with YubiKeys. Some users say it can be
relatively pricey when adding features.
Page 40 of 51
E-guide
The features of Okta Adaptive Multi-Factor Authentication include:

In this e-guide
• Secure authentication for all environments: Protects identity and
Exploring multifactor access to data wherever users go and wherever the data lives.
authentication benefits and Supports on-premises need for VPN, Remote Desktop Protocol (RDP)
technology p. 2 and Secure Socket Shell. Okta also covers hybrid environments and
mobile users, which ensures access to apps and data is always
secure.
Three examples of multifactor • Authenticate without a password: Enables user authentication using
authentication use cases p. 8 factors other than a password.
• Seamless enrollment: Self-service multifactor authentication
Purchasing multifactor enrollment during initial login.
authentication tools: What to • Flexible authentication: Choose from a variety of end-user
consider p. 16
experiences, including one-click authentication.
• Simple reporting and auditing: Provides detailed authentication logs
that include information such as login attempts and with preset
Compare the top multifactor reports for audits.
authentication vendors p. 24 • One-time passwords: Supports Okta Verify and Okta Verify with Push,
as well as third-party tools, such as Google Authenticator and Duo.
Explore multifactor
• Integration: Integrates with thousands of web apps via standards-
based protocols and centrally enforces MFA across them. Okta's
RADIUS Server Agent extends MFA to even more devices.
depth p. 35
Page 41 of 51
E-guide
In this e-guide
OneSpan Authentication Server -- formerly Vasco
Identikey Authentication Server
OneSpan Inc. Authentication Server is a comprehensive, centralized and
technology p. 2
flexible authentication platform that aims to deliver complete authentication
lifecycle management in a single integrated system.
authentication use cases p. 8 OpenSpan's multifactor authentication products enable users to securely
access corporate resources and applications, including SSL VPNs and
Purchasing multifactor cloud-based apps. OneSpan Authentication Server supports all of a
authentication tools: What to company's authentication and signature tools and simplifies authentication
consider p. 16
management for users and administrators.
Compare the top multifactor Any organization can utilize OneSpan Authentication Server, including its
authentication vendors p. 24 banking and financial services, if the company wants to centralize and
simplify the way it manages its authentication processes for employees,
Explore multifactor partners and customers.
depth p. 35 The features of OneSpan Authentication Server include:
• Strong two-factor authentication: Combines OneSpan Authentication

About SearchSecurity p. 51 Server and the Digipass software authenticator to provide strong user
authentication, enabling better security compared to reusable static
passwords.
Page 42 of 51
E-guide
• Authenticates transaction signatures: Meets the need for e-

In this e-guide signatures in commercial and banking applications by offering strong
authentication and validation of transaction signatures.
• Remote and local access to employee applications: Offers secure
authentication for remote access and to web-based application login.
• Auditing and reporting: The audit console monitors incoming and
technology p. 2
outgoing events on the OneSpan Authentication Server. The audit
console also gathers statistics that provide key details necessary to
Three examples of multifactor manage a remote access environment effectively. XML or HTML-
authentication use cases p. 8 formatted reporting is provided for help desk troubleshooting, system
and security auditing, and accounting purposes.
• Wide range of supported databases: Supports a wide range of open
database, connectivity-compliant databases for data storage and
ships standard with PostgreSQL. The Digipass-related data can be
consider p. 16
stored with the user's info in the Active Directory.

PingID
Explore multifactor PingID is a multifactor authentication tool from Ping Identity Corp. delivered
authentication products in- through the PingOne platform. PingID provides multifactor authentication for
depth p. 35 cloud-based applications, on-premises applications, VPNs, Windows Server,
and RDP and Secure Shell. PingOne also hosts an admin console that
About SearchSecurity p. 51 manages the software via the PingID service.
Page 43 of 51
E-guide
As a cloud service, PingID reduces the hardware burden on administrators

In this e-guide and users and integrates with a number of strong third-party authentication
providers.
authentication benefits and Ping ID balances secure access to applications with ease of use for the end
technology p. 2 user. It helps customers define and enforce authentication policies
specifically for the needs of the business. With PingID, enterprises can apply
Three examples of multifactor multifactor authentication to specific applications or based on the group
authentication use cases p. 8 membership of certain users.
Some features of PingID include:

• Numerous authentication methods and devices on the go: Mobile
consider p. 16
push authentication methods, such as tap, swipe, fingerprint and
facial recognition, as well as SMS one-time passcodes (OTPs), are
Compare the top multifactor available on corporate-owned or personal mobile devices. If users
authentication vendors p. 24 don't have their mobile devices, they can still sign on securely using
other alternative second factors, including voice and email OTPs, PIN-
protected desktop applications, YubiKeys, Apple Watches and Nymi
Explore multifactor
Bands.
• Seamless security: PingID integrates with Azure Activity Directory and
depth p. 35
Active Directory Federation Services to provide seamless security for
a wide range of Microsoft- and non-Microsoft-based applications and
About SearchSecurity p. 51 services.
• Advanced MFA functionality: The PingID mobile software
development kit enables customers to embed advanced MFA
functionality directly into their iOS or Android mobile apps. With push
Page 44 of 51
E-guide
notifications from a company's app, customers can approve high-

In this e-guide value transactions and web authentication.
authentication benefits and RSA Authentication Manager
technology p. 2
RSA Authentication Manager, from RSA Security LLC, is the platform behind
Three examples of multifactor the RSA SecurID security token product. RSA Authentication Manager
authentication use cases p. 8 offers multifactor authentication as a virtual or hardware appliance. An
enterprise can also mix and match within the same implementation.
The software enables RSA SecurID administrators to centrally manage
consider p. 16
authentication methods, user profiles, applications and agents across
multiple physical sites. RSA Authentication Manager also verifies
authentication requests and centrally administers enterprises' authentication
policies for their end users.
The self-service console aims to address the most time-consuming and

Explore multifactor expensive tasks associated with managing an enterprise authentication tool
-- i.e., users can change their own PIN codes, request replacement tokens,
depth p. 35
request emergency access and troubleshoot issues without directly
contacting the help desk.
Reporting is one of the weak areas in RSA Authentication Manger. While
there are more than 30 different types of reports, most are glorified log files.
Page 45 of 51
E-guide
Users can schedule or export these reports in numerous formats, however,

In this e-guide which is a plus.
Exploring multifactor The features of RSA Authentication Manager include:

technology p. 2 • Real-time risk engine: The RSA Risk Engine, which is built into RSA
Authentication Manager, enables risk-based authentication by
calculating risk level in real time based on information about users'
Three examples of multifactor devices and their usual login patterns.
authentication use cases p. 8 • Interoperability: Organizations can take advantage of over 400 fully
supported technology integrations free of charge. RSA and over 200
Purchasing multifactor certified technology partners jointly test these integrations.
authentication tools: What to • Deployment options: RSA Authentication Manager Server can be
consider p. 16 deployed in Amazon Web Services, so organizations can move their
RSA Authentication Manager infrastructures to the cloud. The most
common operating platforms also support RSA Authentication
Compare the top multifactor Manager, as well as VMware, Microsoft virtual environments and
authentication vendors p. 24 hardware appliances with preloaded software.
• Flexibility: RSA Authentication Manager is available as a virtual
Explore multifactor appliance or a hardware appliance.
depth p. 35
SecureAuth IdP
SecureAuth IdP from SecureAuth offers more than 25 authentication
methods, including SMS, phone, email one-time passcodes, push
Page 46 of 51
E-guide
notifications, USB keys and push to accept. The tool only forces a
In this e-guide multifactor authentication step if it identifies risk.
Exploring multifactor SecureAuth IdP is available for single sign-on, as well as for multifactor
authentication benefits and authentication. A cloud-based tool, SecureAuth IdP is appropriate for
technology p. 2 medium and large enterprises that use a range of SaaS-based services.

SecureAuth IdP adds additional security measures to standard
authentication use cases p. 8 username/password logins to a variety of servers and services. This
prevents unauthorized logins, even when many different services can
compromise or share user passwords.
One drawback to SecureAuth IdP is that the reports are harder to set up
consider p. 16
than those of its competitors, necessitating some customization on its web
portal. However, once the company creates the reports, they can be
exported into a CSV format.
The features of SecureAuth IdP include:

Explore multifactor
authentication products in- • Customize authentication workflows: Enables users to develop
depth p. 35 different workflows in-house for a particular user, group of users or
specific applications. Organizations can also customize the
authentication workflow to specific risks.
• Eliminate passwords from authentication: Enables authentication
without passwords using fingerprints, layered risk checks and a
convenient push-to-accept MFA method.
Page 47 of 51
E-guide
• Reduce IT workload with user self-service: Enables users to securely

In this e-guide reset their own passwords and unlock their own accounts at any time
without assistance from the help desk. Users can also self-enroll for
initial multifactor authentication.
• Directory integrations: Integrates with various types of directories.
including Lightweight Directory Access Protocol, SQL, Oracle,
technology p. 2
ASP.NET and other data stores.

SecurAccess MFA
Purchasing multifactor SecurAccess MFA from SecurEnvoy Ltd. offers token-free multifactor
authentication tools: What to authentication for VPN, SSL, Remote Desktop, Wi-Fi, web portal and laptop
consider p. 16
encryption. SecurAccess is available for implementation for on-premises, as
part of a managed service or in the cloud. Small, medium and enterprise
Compare the top multifactor organizations across every vertical can utilize the software.
SecurAccess offers users a range of authentication options, including
Explore multifactor biometric fingerprint login, push notifications, SMS, smartphone apps, tablet
authentication products in- apps, laptop apps and even QR codes. SecurAccess offers support for
depth p. 35 YubiKey when users can't use soft token authentication methods via their
PCs, Macs or mobile devices.
SecurAccess multifactor authentication products integrate with Microsoft's
Active Directory and enable an enterprise to reuse its existing authentication
Page 48 of 51
E-guide
database infrastructure, avoiding the need to redesign, deploy, back up and

In this e-guide manage a secondary user database.
Exploring multifactor The features of SecurAccess MFA include:

technology p. 2 • Sharing passcodes sharing via secure email.
• Soft token apps for every device.
• Real-time SMS passcodes for on-demand and session lock.
Three examples of multifactor • Preloaded, one-time passcodes.
authentication use cases p. 8 • Reusable passcodes that can change every day or every few days;
• All security methods available for online or offline authentication.
Purchasing multifactor • Native support for wearables.
authentication tools: What to • Offers simple-to-follow integration guides for VPNs, cloud apps and
consider p. 16 on-premise apps so organizations can quickly set up their security
platforms.

Symantec VIP (Validation and ID Protection)
Explore multifactor Symantec VIP is a cloud-based, strong authentication service that provides
secure access to sensitive data and applications.
depth p. 35
Symantec VIP multifactor authentication tools helps enterprises prevent
About SearchSecurity p. 51 unauthorized access to sensitive networks and applications, comply with
data protection laws and enforce security best practices.
Page 49 of 51
E-guide
Symantec VIP enables organizations to secure all their users -- i.e., their
In this e-guide employees, remote workers, partners, contractors, vendors and customers.
However, some users have said that it's a hassle to add new tokens.
authentication benefits and The features of Symantec VIP include:
technology p. 2
• Cloud-based infrastructure: Delivers authentication without the need
for a dedicated on-premises hardware server.
• Integration with single sign-on: The VIP Access Manager single sign-
on creates one access point to secure cloud and on-premises apps.
• Risk-based intelligent authentication: Uses behavior and device
Purchasing multifactor profiling to prevent risky login attempts but doesn't change a
authentication tools: What to legitimate user's login experience.
consider p. 16 • Biometric fingerprint, proximity login and push notification: Eliminates
the need for passwords through the use of biometric fingerprints,
hands-free proximity login, as well as one-tap or one-swipe push
verification.
• Wide range of OTP options: Organizations can deploy hardware
tokens and free software or mobile OTP credentials, as well as email,
Explore multifactor out-of-band support via SMS text messages and phone calls.
authentication products in- • Embedded two-factor authentication: Allows enterprises to add
depth p. 35 strong authentication using the VIP web services APIs for their web
applications or by embedding VIP into their mobile apps with the VIP
Credential Development Kit.
About SearchSecurity
Page 50 of 51
E-guide
In this e-guide About SearchSecurity

IT security pros turn to SearchSecurity.com for the information they require
Exploring multifactor to keep their corporate data, systems and assets secure. We're the only
information resource that provides immediate access to breaking industry
technology p. 2
news, virus alerts, new hacker threats and attacks, security certification
training resources, security standard compliance, webcasts, white papers,
podcasts, Security Schools, a selection of highly focused security
newsletters and more -- all at no cost.
consider p. 16
For further reading, visit
SearchSecurity.com
Compare the top multifactor Images; Fotalia
©2019 TechTarget. No part of this publication may be transmitted or reproduced in any form or by any means without
written permission from the publisher.
Explore multifactor
depth p. 35
Page 51 of 51

Multifactor Authentication: Methods, Use Cases, & Products: E-Guide

Caricato da

Informazioni sul documento

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Multifactor Authentication: Methods, Use Cases, & Products: E-Guide

Caricato da

Copyright:

Formati disponibili

E-guide

Three examples of multifactor Multifactor authentication (MFA) security measures are a

Compare the top multifactor

• Explore the costs and security risks associated with

Three examples of multifactor

• the inherence or biometric factor: Something unique to the user --

MFA tokens: From key fobs to mobile apps

If the number sequence matches the generated passcode, the user is

What is the answer to these problems? Mobile tokens and biometric

fingerprint or iris scan, to grant access to an application or other resource.

their IT organizations to coordinate and configure their infrastructures and

Linda Rosencrance contributed to this report.

Three examples of multifactor

Multifactor authentication is also important to consider when employing

The advantage to this method of authentication is that IT doesn't have to

Compare the top multifactor

Here are some things to consider when selecting a multifactor

• Does the business require the ability to scale up deployment? While

• Where is the workforce located? The location of a company's

Finally, before starting down the road toward picking a multifactor

• An organization needs to be sure the authentication tool it selects is

About SearchSecurity p. 51 Next Article

Three examples of multifactor

This means enterprises should shop carefully when it comes to buying

What is the process to bypass or revoke access for a

About SearchSecurity p. 51 Do I need Fast ID Online Alliance support?

Developed by the FIDO Alliance, a nonprofit organization that seeks to

Three examples of multifactor

RSA Authentication Manager Server can be deployed in AWS, enabling

Symantec VIP requires the company's VIP Enterprise Gateway to integrate

Three examples of multifactor

use of multifactor authentication tools that offer dedicated hardware or

CA Strong Authentication includes reports to track administration, user

Three examples of multifactor

Risk-based authentication uses elements such as the following:

deploy as additional authentication factors if necessary. This gives them the

FIDO's goal is to consolidate authentication across a wide swath of web-

Three examples of multifactor

Deploying and managing WatchGuard's AuthPoint is possible from any

• Supports the Security Assertion Markup Language (SAML) standard:

Compare the top multifactor

CA Strong Authentication also provides out-of-band authentication

• Software-based tokens: Installed on users' computers or mobile

• Reporting: Makes token usage logs and any authentication events

Three examples of multifactor

The features of Okta Adaptive Multi-Factor Authentication include:

• Strong two-factor authentication: Combines OneSpan Authentication

• Authenticates transaction signatures: Meets the need for e-

Compare the top multifactor

As a cloud service, PingID reduces the hardware burden on administrators

Some features of PingID include:

notifications from a company's app, customers can approve high-

The self-service console aims to address the most time-consuming and

Users can schedule or export these reports in numerous formats, however,

Exploring multifactor The features of RSA Authentication Manager include:

Three examples of multifactor

The features of SecureAuth IdP include:

• Reduce IT workload with user self-service: Enables users to securely

Three examples of multifactor

database infrastructure, avoiding the need to redesign, deploy, back up and

Exploring multifactor The features of SecurAccess MFA include:

Compare the top multifactor

In this e-guide About SearchSecurity