How to Thwart Network Attacks with Two-Factor Authentication - Page 2

Download the authoritative guide: The Ultimate Guide to IT Security Vendors

Easy enterprise installation

For enterprise deployments, you simply download and install the authentication software on your existing hardware. For an Outlook Web Access (OWA) implementation, for example, you simply install the software on the server where OWA resides. Then add users, either manually or by importing them from Active Directory (AD) or LDAP. Welcome e-mails will be automatically sent to users, and all future log-ins will be secured by a phone call.

The setup process is the same for virtually any VPN, Citrix Web interface, Internet Information Services (IIS) Web site, Terminal Services or RADIUS application. No programming is required; it's all off-the-shelf. Even in complex environments, the implementation is straightforward.

For example, we have a call center client with a massive Citrix farm. We were able to integrate all of the necessary touch points without requiring any material changes to their network infrastructure (no new hardware was required, we leveraged their existing directory, the log-in interface stayed the same and so on). And, because there were no devices to provision to users or software/certificates to install to their computers, the call center was able to rapidly enable phone authentication for thousands of their home-based agents.

For Web sites or online transactions, Web plug-ins make it easy for a developer to integrate into an existing Web site. Enrolling users is simple and only requires that they enter the phone number to use when authenticating.

Ongoing user support is minimal. People rarely lose their cell phones, and if they do, they replace them quickly. I couldn't make it a day without my iPhone, and I'm pretty sure I'm not alone. A backup phone number can be used, or users can also call IT to temporarily change to an alternate phone number, if necessary.

As we move further away from relying on passwords alone to protect access to mission-critical systems and sensitive data, more people are moving toward phone-based authentication because of the ease of use and added security offered by leveraging the telephone network. We're seeing it deployed in a growing number of enterprises as well as consumer applications such as online banking. It's possible that this sort of security will become as common as cell phones themselves. You won't remember what you did before you had it.

/images/stories/heads/knowledge_center/dispensa_steve70x70.jpg Steve Dispensa is co-Founder and Chief Technology Officer of PhoneFactor. Steve is a leader in the field of data security and device driver development technology, holding numerous patents in the fields of computer science and telecommunications. Steve also hosts Security Break Live, an Internet radio talk show, as well as a blog of the same name. He can also be reached at