Dean Wiech, managing director, Tools4ever
Organizations large and small can easily add security to their login procedures with two-factor authentication, which is a simple process that requires users to enter more than one piece of information to access accounts. For example, in addition to simply entering a user name and password, two-factor authentication requires use of another identifier, such as a smart card or a PIN code.
Major organizations are making use of two-factor authorization — Twitter and Google. And while its primary goal is to improve security of systems and applications, the solutions also provide additional features that can be of benefit to all organizations. Here are some of the uses, and features, of two-factor authentication that can benefit employees and their organization:
Easily customizable: System administrations can customize the two-factor authentication process to meet their needs. For example, rules can be created that mandate that during the time a user is logged into an organization’s systems, his smart card also must be in the reader the whole time the employee is working. In this scenario, if the user removes the card he is then automatically logged out of the system. On the other hand, rules also can be written that requires a user to present the card for a few seconds when first logging in for him to access all needed systems.
PIN code memory: Though end users have to enter a PIN code for two-factor authentication, the internal systems have the ability to remember PIN codes for a defined period of time. Users then only have to enter their PIN code once when first logging into the computer at the beginning of the workday and not again after that. Each time after, during the same day, employees or users only have to present their smart card to access systems and not their PIN. This ensures that systems are secure, but does not inconvenience users by requiring them to enter both the PIN code and card each time they login.
Self-service registration: When first implementing smart card use, end users can securely register their smart cards themselves, taking the burden off of the IT department. Once a user inserts his card, which is not registered into the reader, it will enable a user to assign their username and password to this card.
Advanced authentication for resetting passwords: Two-factor authentication can be used to enable users to reset their own passwords. In addition to answering a series of questions that they previously provided answers to, end users can be sent a code via SMS or email that they will have to enter before being able to reset their passwords.
PIN code sent via email or SMS: The PIN code or password that end users provide as one source of authentication does not have to be something that the user actually remembers; nor does it have to be the same password every time. A password PIN can be automatically generated and sent to the user via text message to her cell phone or to her email account, which she then inputs to gain access to her account.