Time-dependent two-factor authentication on Atipa Servers and Workstations
Atipa Technologies offers two-factor authentication (2FA) as a security enhancement on all management servers and personal workstations. A common problem with password-only authentication is that users must choose passwords strong enough to resist guessing yet simple enough to remember. Even strong passwords are not immune to carelessly stored notes with login credentials or to an arsenal of password-cracking tools: given a stolen password hash and enough hardware, an attacker can test billions of candidate passwords per second until your account falls.
Once an account has been breached, a skilled attacker can often avoid detection until they reach their goal of stealing sensitive data and/or disrupting normal operation of your servers and workstations. Unfortunately, once a system is compromised, finding and removing every backdoor is like finding a needle in a haystack. The only foolproof way to recover and lock the attacker out is to completely erase the hard disk and reinstall the operating system. Besides the obvious inconvenience, this can be a daunting, time-consuming, and costly recovery task.
How does it work?
Two-factor authentication adds a second authentication step to the login process. Where single-factor authentication requires only your username and password (something you know), two-factor authentication additionally requires proof from a different category: something you have, such as a one-time numerical token generated by a device or app, or something you are, such as a fingerprint. A PIN or the answer to a secret question is still something you know, so it does not count as an independent second factor.
Atipa’s two-factor authentication implementation uses time-based one-time passwords (TOTP, RFC 6238) generated by the Google Authenticator app for Android or iOS. The app derives a new six-digit token from a shared secret and the current time, producing a fresh token every 30 seconds, which serves as a second form of authentication in addition to the user’s regular password. Because both the phone and the server compute the token from the same time window, the phone’s clock must be reasonably accurate. A mobile software token has the added benefit that most users have their phone with them at all times, eliminating the need to carry a dedicated hardware token device.
Setting up two-factor authentication for a user is as simple as the administrator running the init2FA command and the user scanning the generated QR code (or typing in the secret key) into the Google Authenticator app. The secret key embedded in that QR code is the only thing that ties the token to the user’s phone, so it should be treated like a password and never stored, printed, or emailed in the clear. Each time the user logs in, he or she is first prompted for the normal user ID and password, and then for the current time-based one-time token shown in the Google Authenticator app.
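To make the mechanism concrete, the following is an added example (not Atipa’s init2FA code and not the Google Authenticator app) that implements the two standards the app follows: HOTP (RFC 4226) and its time-based variant TOTP (RFC 6238). It builds the otpauth:// URI that an enrollment QR code encodes, derives the six-digit token for a given time, and shows the server-side check a login prompt needs: a small tolerance for clock skew, constant-time comparison, and rejection of a token that has already been used. The secret DEMO_SECRET_B32 is the base32 encoding of the RFC 6238 test key, constructed here so the output can be checked against the published vectors; the issuer "Example" and account "alice" are placeholders.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional
from urllib.parse import quote

# Constructed demo secret: the 20-byte ASCII key "12345678901234567890" from the
# RFC 4226 / RFC 6238 test vectors, base32-encoded as an authenticator app expects.
DEMO_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
TIME_STEP = 30   # seconds per token; the RFC 6238 default used by Google Authenticator
DIGITS = 6


def decode_secret(secret_b32: str) -> bytes:
    """Base32-decode a shared secret, tolerating spaces, lower case and missing padding."""
    s = secret_b32.replace(" ", "").upper()
    s += "=" * (-len(s) % 8)
    return base64.b32decode(s)


def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the big-endian 8-byte counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret_b32: str, at_time: int, step: int = TIME_STEP) -> str:
    """RFC 6238: HOTP with the counter replaced by the number of time steps since the epoch."""
    return hotp(decode_secret(secret_b32), at_time // step)


def provisioning_uri(secret_b32: str, account: str, issuer: str) -> str:
    """The otpauth:// URI an enrollment QR code encodes (Key URI format); issuer/account are placeholders."""
    label = quote(f"{issuer}:{account}", safe=":")
    return (f"otpauth://totp/{label}?secret={secret_b32}&issuer={quote(issuer)}"
            f"&algorithm=SHA1&digits={DIGITS}&period={TIME_STEP}")


class TotpVerifier:
    """Server-side check for one user: accepts the current token and its neighbouring
    time slots (clock skew), compares in constant time, and never accepts a slot twice."""

    def __init__(self, secret_b32: str, window: int = 1, step: int = TIME_STEP):
        self.key = decode_secret(secret_b32)
        self.window = window
        self.step = step
        self.last_counter = -1   # highest time slot already used for a successful login

    def check(self, submitted: str, at_time: Optional[int] = None) -> bool:
        if at_time is None:
            at_time = int(time.time())
        if len(submitted) != DIGITS or not submitted.isdigit():
            return False
        counter = at_time // self.step
        matched = None
        # Evaluate every slot in the window without returning early, so response
        # timing does not reveal which slot (if any) matched.
        for delta in range(-self.window, self.window + 1):
            candidate = counter + delta
            if hmac.compare_digest(hotp(self.key, candidate), submitted) and candidate > self.last_counter:
                matched = candidate
        if matched is None:
            return False
        # Remember the slot so a captured token cannot be replayed; older, unused
        # slots are also retired, which is the usual trade-off for simplicity.
        self.last_counter = matched
        return True


if __name__ == "__main__":
    print(provisioning_uri(DEMO_SECRET_B32, "alice", "Example"))
    now = int(time.time())
    print("current token:", totp(DEMO_SECRET_B32, now))
    print("accepted:", TotpVerifier(DEMO_SECRET_B32).check(totp(DEMO_SECRET_B32, now), at_time=now))
```

With a window of 1 the server accepts the token for the previous and next 30-second slot as well as the current one, which covers a phone clock that is up to half a minute off and a user who types the code just as it rolls over; widening the window beyond that mostly helps an attacker who has captured a code. The replay check is what makes a shoulder-surfed or phished token worthless after its first use.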
Two-factor authentication can also be set up on your existing servers and workstations.