One thing that IT professionals are increasingly agreeing upon is that passwords alone are no longer effective. For example, we all may have that "one password" that we use for everything, which is certainly subject to compromise. Hackers easily have the ability to guess passwords or use the "brute force" approach, which generates hundreds or even thousands of passwords per minute to find the correct combination. Hardware or software "key logger" tools can record all keystrokes on any device and send them to a malicious third party without your knowledge. Perhaps the most frightening way in which your password can be stolen is if you voluntarily share it, having been fooled by a supposedly trustworthy website or email. This is known as a traditional "phishing" attack.
In order to address these security concerns and protect their most sensitive information, companies are implementing Multi-Factor authentication. This is a method of computer access control in which a user must enter at least two separate forms of authentication. Typically this will consist of two of the following categories: Knowledge (something they know); possession (something they have), and inherence (something they are). "Something they know" is a password, but depending on the level of risk identified, this form of authentication on its own may no longer be sufficient. "Something they have" is a token, which generally has two types, hard or soft. A hard token is a small physical device given to the user that has a changing combination of numbers on it. A soft token is a piece of software or app installed on a secondary device, which generates a code for the user to use their password and generated code to perform the two-factor authentication process. When installed on a phone, the user may advantage of using a phone call or text message for validation. "Something they are" is biometrics, which can be a finger print or retina scan. When using this method typically the user would use their password in addition to scanning their finger or eye to perform the two-step authentication process.
Marcum Technology has been engaged by a number of clients to analyze, design, and implement this technology in their respective environments. We have experience with multiple platforms and vendors across many regulated industries, such as banking and healthcare. When addressing this issue, we would first help to identify the systems you want to protect, the respective compatibility, and other potential unidentified risks. Next, we would identify a vendor to fit your specific needs. Lastly, we would fully assist in the implementation process from design to inception.
Please contact your sales advisor today to see how Marcum Technology can help implement Multi-Factor authentication in your environment to additionally secure and protect your data.
Manager - Sales Engineering & Managed Services