Versatile Protection – PG MFA

The following three articles are about two-factor authentication, the technical possibilities, and the model that has proved most popular from a user perspective.

Beloved children have many names. One-time password, two-factor authentication, key fob with a changing code, and authentication via SMS are all about the same thing. The latest abbreviation for the phenomenon is MFA, that is, Multi-Factor Authentication. In this case, however, the number of authentications does not exceed two; multifactor simply means that the same solution includes several different platforms. As a rule, “MFA” is used for apps installed on the mobile phone, that is, a so-called authenticator. If you cannot connect to the app, phone numbers and text messages are used for authentication. The abbreviation MFA actually covers almost all authentication methods used today. It can also be mentioned that biometric identification methods, such as fingerprints, are mobile apps as well.

Banks discovered as early as the mid-90s that they had to create a more reliable solution for accessing account information than password authentication alone. In this respect, Finland was ahead of many other countries in electronic banking, compared with British checks, for example. From a technical point of view, the solutions (e.g. PKI) were not yet available, so a national bank security solution (PaTu) had to be developed for protection. The Finnish abbreviation comes from the words PankkiTunniste (bank code) and is still used to a large extent. In my opinion, it was the first solution that really represented strong authentication. The corresponding solution in Sweden is BankID, which many still have as a physical unit, but it is also gradually turning into a mobile app.

Today, there are already several different technical solutions and service providers. In the next article, we will focus on the user experience of these.

User experience

Within data security, ease of use is always the other side of the coin. If additional user action is required to log in, it is always less convenient for the user. However, I believe that anyone who is working in IT these days is prepared to compromise a lot on this luxury, for fear of the consequences. The important question becomes how often one has to identify oneself. It is also the biggest stumbling block for MFA. It is surprisingly difficult to determine technically, using different algorithms, when authentication is needed. It’s easy if the geolocation feature detects that the user’s IP address is from another country or if the previous login was made more than eight hours ago, on a different working day. It is primarily mobility that makes it difficult. A laptop switches networks several times during a business day, and the mobile phone’s geographical location does not necessarily tell you much. The end result is often that the email constantly asks the user to log in again and again, and after the fifth time the user has had to look for an SMS, he will deem strong authentication unnecessary.
The best user experience among consumer products is definitely provided by Google products. Many have already tested this in practice, and Facebook’s two-factor authentication, for example, also works well. However, for Microsoft’s products the situation is unfortunately quite different: in a clean O365 environment the function is tolerable, and in the hybrid solution the technicians need the right expertise to make the solution work. In corporate networks, many still rely on the operator’s APN-type solution rather than risk roaming users needing an update because of a failed VPN login.
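
The re-authentication decision described above can be sketched as follows. This is an added example, not code from any product mentioned in the article; the `Login` record, the function names and the sample events are constructed, and the country is assumed to be resolved from the IP address by an upstream geolocation step.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

MAX_AGE = timedelta(hours=8)  # threshold named in the text

@dataclass
class Login:
    user: str
    when: datetime
    ip: str
    country: str  # assumed: filled in by an upstream geolocation lookup

def needs_second_factor(prev, cur):
    """Return the reasons to prompt for the second factor (empty list = no prompt).

    prev is the user's last login that passed the second factor, or None.
    """
    if prev is None:
        return ["no earlier strong login"]
    reasons = []
    if cur.country != prev.country:
        reasons.append("country changed")
    if cur.when - prev.when > MAX_AGE and cur.when.date() != prev.when.date():
        reasons.append("more than 8 h ago, on a different day")
    # A changed IP inside the same country is deliberately not a reason:
    # a laptop moving between office, mobile and home networks would
    # otherwise be prompted on every switch.
    return reasons

def replay(events):
    """Run the policy over a login stream; return (event, reasons) pairs."""
    last_strong, out = {}, []
    for ev in sorted(events, key=lambda e: e.when):
        reasons = needs_second_factor(last_strong.get(ev.user), ev)
        if reasons:
            last_strong[ev.user] = ev  # assumption: the prompt was answered
        out.append((ev, reasons))
    return out

# Constructed sample: a working day with network changes, then a foreign login.
SAMPLE = [
    Login("anna", datetime(2024, 3, 4, 8, 0), "192.0.2.10", "FI"),
    Login("anna", datetime(2024, 3, 4, 10, 30), "198.51.100.7", "FI"),
    Login("anna", datetime(2024, 3, 4, 15, 0), "203.0.113.5", "FI"),
    Login("anna", datetime(2024, 3, 5, 8, 10), "192.0.2.10", "FI"),
    Login("anna", datetime(2024, 3, 5, 9, 0), "203.0.113.99", "SE"),
]

if __name__ == "__main__":
    for ev, why in replay(SAMPLE):
        print(ev.when, ev.ip, ev.country, "PROMPT: " + ", ".join(why) if why else "ok")
```

Measuring the eight hours from the last login that actually passed the second factor, rather than from the last network change, is what keeps the two same-day network switches in the sample from prompting.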

Where to find a suitable, reliable and user-friendly solution for your business?

Technical solutions

In the previous article we reviewed the user experiences of different security solutions.
Amongst the consumer products, Google products work well. In corporate networks, the operator’s APN is still a lighter and more popular alternative than a VPN solution.

For those who are looking for heavy technology, I can tell you that RADIUS, which was developed and used already in the 80s, is, surprisingly enough, still necessary, or at least still among the different login options, though not very modern or noteworthy. Users more prone to putting on the tin foil hat may consider the possibilities that brute-force computing or quantum computers provide. But let’s bypass the subject by mentioning that, with the exception of presidents, we mere mortals certainly have nothing so interesting that someone would invest such resources in getting their hands on the information.

So, where do you find a solution you can trust, provided by a reliable and credible player with technical resources that have been available on the market for a sufficient amount of time? A simple start-up of the service, with the help of a partner like us, is cost-effective, and maintenance requires no dedicated experts. We have recommended the solution from the firewall and data security provider WatchGuard, launched in the summer of 2018. We have done so because the manufacturer’s solution as a whole can be purchased as an online service, yet it can be integrated naturally with a surprisingly large number of other players from the start. And most importantly, this tested solution has been the most reliable both in the lab and in the daily work of users.

The key to the solution is, briefly: a functioning mobile app and easy start-up.

