Gemalto
Get SafeNet News
HSE Banner

Two-Factor Authentication (2FA) Solutions

Protect identities and data with strong authentication

Two-Factor Authentication (2FA)

Purple Secure Computing Icon

Evolving business needs around cloud applications and mobile devices, combined with rising threats, and the need to reduce costs, require entirely new considerations for access control.

In this regard, two-factor authentication serves a vital function – by securing access to corporate networks, Software-as-a-Service (SaaS) and cloud applications, protecting the identities of users, and ensuring that a user is who he claims to be.

Two-factor authentication ensures that users are who they claim to be by requiring them to identify themselves with a combination of:

  • Something they know – password or PIN

  • Something they have – token or smart card (two-factor authentication)

  • Something they are – biometrics, such as a fingerprint (three-factor authentication)

Because strong authentication security requires multiple means of identification at login, it is widely recognized as the most secure software authentication method for authenticating access to data and applications.

SafeNet's 2FA Solutions Include:

Mobile Workforce Authentication for Secure Remote Access

Blue User Authentication Icon

When corporate resources are scattered across cloud-based, web-based, and on-premises applications and databases, the need for unified authentication policies is critical in ensuring transparency and consistency for access controls. Today, organizations need to address the issues of remote access security, even when their employees are located in the office.

Learn About Our Solutions for Secure Remote Access

Secure VPN Access

Purple Authentication Icon

As employees are increasingly mobile and expect greater access, organizations are looking to ensure secure VPN access. Administrators need to create consistent authentication policies for secure access to all corporate resources and keep their authentication solution flexible, cost-effective, and easy to-deploy.

Learn How Our Solutions Secure VPNs

Secure Access to Citrix and VDI Solutions

Locked Computer Screen Icon

The growth in the use of virtualized environments—particularly Virtual Desktop Infrastructure (VDI) solutions, such as those provided by Citrix— is challenging businesses to overcome the vulnerabilities of fixed passwords and implement a consistent authentication policy to secure access to all online corporate resources.

Learn How Our Solutions Secure VDIs

Secure Cloud Access

Cloud User Access Icon

As enterprises transition to the cloud, they are essentially shifting their focus from controlling security with physical boundaries, to that of a virtual infrastructure. When data and applications move to the cloud, user access – by default – takes place remotely. Organizations must therefore implement access controls for applications in the cloud as well as those still in the confines of the data center.

Learn How Our Solutions Secure Cloud Access

Secure Network Access

Blue User Authentication Icon

There is growing concern among IT leaders over the rise in corporate espionage and Advanced Persistent Threats (APTs) that originate from unauthorized local network access. Relying on simple passwords to protect employees’ computers and privileged workstations could put your organization's network at risk.

Learn How Our Solutions Secure Enterprise Networks

Secure Access to Web-Based Applications

Web-Based Applications Icon

To enable employee mobility, companies of all sizes require unified management of security policies, different levels of assurance, and the ability to securely grant employees access via numerous endpoints. With an authentication platform that provides all of the above, organizations can implement unified access policies and single sign-on (SSO) for web-based applications and other corporate resources.

Learn How Our Solutions Secure Web-Based Apps

Context-Based Authentication

With context-based authentication, employees can easily and securely access enterprise and SaaS applications, as long as they meet pre-defined policy rules set in advance by the administrator. If a user does not comply with the access rules in place, they might be requested to provide an additional authentication factor before they are granted access.

Learn About Our Context-Based Authentication Solutions
view Products

2FA Frequently Asked Questions

Two-factor authentication (2FAs) ensures that a user is who they claim to be. The more factors used to determine a person’s identity, the greater the trust of authenticity.

What is 2FA used for?

Just as you wouldn’t want your bank to allow access to your checking account with a simple password, you want to make sure your resources are protected by asking employees to provide an additional factor of authentication. This ensures the employees’ identity and protects their login credentials from easily being hacked or stolen. You do not want to allow access to your valuable assets (be it VPN, Citrix, Outlook Web Access or cloud applications) with only one factor - often a weak password.

Two-Factor Authentication enables to strengthen the protection of vital resources by drastically reducing the chances of various security attacks including identity theft, phishing, online fraud and more.

How does it work?

There are multiple authentication methods that can be used to validate a person’s identity. SafeNet offers the broadest range of authentication methods and form factors, allowing customers to address numerous use cases, assurance levels, and threat vectors.

  • Hardware-based Authentication - An additional hardware that the user physically possesses, without which, authentication is not possible.
  • Out-of-Band Authentication – A hardware that is already in the user’s possession and that can be used to receive information securely through SMS or email.
  • Software-based Authentication - Authentication methods of this type deploy a software application on the user’s computer, smartphone, or mobile device.
  • One Time Password (OTP) - Generate dynamic one-time passwords (OTPs) for properly authenticating users to critical applications and data, whether on a token, mobile device, or grid-based authentication.
  • Certificate Based Authenticators (CBA) USB tokens - Provide secure remote access as well as other advanced applications, including digital signing, password management, network logon, and combined physical/logical access.
  • Certificate Based Authenticators (CBA) smartcard tokens - Traditional credit card form factors that enable organizations to address their PKI security and access control needs.
  • Hybrid Authenticators - Authenticators that combine one-time password, encrypted flash memory or certificate-based technology on the same strong authentication device.
 

What is context based authentication?

Context based authentication uses contextual information to ascertain whether a user’s identity is authentic or not. It is recommended as a complement to other strong authentication technologies.

SafeNet’s Next-Generation Authentication Solutions offer IT administrators a multilayer approach to access control. Employees can easily and securely access enterprise and SaaS applications, as long as they meet pre-defined policy rules set in advance by the administrator. If a user does not comply with the access rules in place, they might be requested to provide an additional authentication factor before they are granted access. This could be an SMS or a one-time passcode generated by a phone token, or a hardware token, depending on organizational policies. Click here to see our Context Based Authentication Infographic.

Does it secure access to cloud applications?

As the switch to the cloud blurs the boundaries of the traditional network security perimeter, organizations are having difficulty affording, implementing and managing consistent, unified access policies to distributed corporate resources. With SaaS adoption growing, there is no longer a single point of entry to corporate apps.

SafeNet authentication solutions overcome this challenge by allowing organizations to seamlessly extend secure access to the cloud through identity federation.  SafeNet authentication platforms leverage organizations’ existing authentication infrastructures, allowing them to extend users’ on-premises identities to the cloud and enabling them to implement unified access control policies for both cloud and network applications. Read more about Strong Authentication for Cloud-Based SaaS Applications & Services

Does 2FA secure mobile employees and employees with different risk levels?

Providing a single point of management for defining and enforcing access controls to all virtual, cloud, and on-premises resources, SafeNet enables to extend two-factor authentication (2FA) to all users, at all risks levels, including mobile employees.

Different authentication methods and form factors address the different risk levels of users. As such, an employee that only has access to the enterprise portal will have a different authentication method/form factor than the company’s IT administrator.

How does 2FA work with BYOD adoption?

SafeNet offers several methods to ensure secure access from mobile devices to network resources, email, VDIs and more:

  • User Authentication - Positively identify users accessing corporate resources via VPN, wireless, access points, VDI.
  • Certificate credentialing for iOS devices - Only users whose devices are provisioned with certificates can access corporate resources.
  • Device recognition with context-based authentication - Recognizes registered users logging into web-based applications from the mobile browser.

SafeNet authentication solutions help secure access in BYOD scenarios by requiring users to register their devices. In this way, organizations may decide that only pre-registered devices may access the network or that non-registered devices require the user to provide an additional method of authentication such as a one-time passcode.

How do we manage all these different needs and solutions?

The need to implement unified access policies to SaaS applications, cloud-based solutions, and on-premise environments is essential in order to set and maintain secure access in current workforce environments, highly influenced by mobility.

Under pressure to reduce costs and prove value, IT administration staff is on a constant quest to reduce their TCO. Streamlined management includes user management, provisioning, single sign-on, strong authentication, authorization, reporting, auditing, and policy alerts integrated with LDAP/Active Directory.

SafeNet’s centrally managed authentication solutions are based on a single management platform that supports:

  • Secure mobility for employees from both corporate-issued and personal mobile devices
  • Secure remote (VPN) access to enterprise networks
  • Secure access to cloud applications
  • Secure access to virtual desktop infrastructures (VDI)
  • Secure network logon
  • Secure access to web portals
  • Advanced security applications, such as pre-boot authentication and digital signing
 

How does 2FA fit with the current enterprises' fragmented IT eco-system?

A fragmented IT eco-system hampers security and compliance. Securing employees’ access to enterprises resources under such a fragmented environment is indeed challenging. SafeNet authentication solutions provide a single point of management that applies consistent access controls to the entire IT eco-system. With complete use case coverage, our solutions provide over 100 seamless out-of-the-box integrations for cloud, VPN, VDI, web portals and LAN.

SafeNet ensures frictionless management for IT administrators by providing:

  • Fully automated workflows
  • Solution management by exception
  • Single audit trail of al access events
  • Use self-service portal
  • Secure access from any device
  • Over-the-air dispatch of software tokens

The desire to maintain acceptable levels of access security without burdening end users, combined with the need to support multiple devices, is leading organizations to adopt solutions that have minimal impact on the user experience. SafeNet delivers users frictionless authentication with a wide range of 2FA tokens and tokenless methods of authentication and federated SSO to the cloud.

view Overview
CTA - 2014 Gartner Magic Quadrant for User Authentication
Context-Based Authentication CTA
Next-Generation Authentication: Keys to Balancing Security and Convenience White Paper CTA