05 Oct 2016

Two-Factor Authentication for CDNsun accounts

Doing business in the Internet often requires a good protection of personal data and money transactions. If you want to buy something from the online store, you must be sure that none will steal your personal data (credit card number, PIN code and etc.). Online merchants who want to succeed in selling things online should make their store and eCommerce websites really safe for their buyers. Many of them use two-factor authentication to prevent illegal activity on their web platforms.

We have a new feature: two factor authentication is available for CDNsun users now. And today, we’ll try to show you what two-factor authentication means and how this kind of verification will be useful for your account. So enable 2FA today if you have a CDNsun account.

What Does 2FA Mean?

Two-factor authentication or 2FA is a method of computer access control when a user is required to display several separate pieces of testimony to prove his identity. For instance, it may be a combination of a credit card number and PIN code to ‘convince’ an ATM  that you are the owner of the bank card and you are going to get some money from your bank account.

2FA is a kind of multi-factor authentication or MFA. MFA is a way to verify the user identity by revealing a combination of two various components. It may be something you are aware of (your knowledge), something you possess (your possession) and your inherence factor.

The main idea of setting 2FA is to eliminate the illegal access to the information you consider to be extremely important and valuable. For example, it may be something like a database of your clients or employees. When you use such type of identification, you often ask a user to display several things that make him really unique. It may be a combination of secret token and PIN or voice and password.

Authentication Factors

All in all, the factors required for 2FA may be divided into several groups:

  • Knowledge factors;
  • Possession factors;
  • Inherence factors.

Knowledge factors are considered to be the most common spread authentication forms. For instance, you are often asked to reveal a password to enter the site or a PIN code to get access to your bank account. A password can be a combination of numbers or a pass phrase or a combination of both. It’s often expected that the user will memorize it.

The bad example of using knowledge factor for authentication is to ask the users answer the questions like ‘What’s your favorite color?’. It may be well-known information, and anyone may use it to get access to the information you want to protect.

When we speak about MFA, a password usually comes as one factor required for authentication.

Possession factor is the things you possess and can be revealed any time you are asked to do this. It may be something like a security token. The security tokens can be either connected or disconnected. Disconnected tokens aren’t linked to the client computer. They have special built-in screens to display the generated authentication data to be typed manually by the user. Card readers, USB tokens and wireless tags are the examples of connected tokens. You connect them to your computer and transmit data automatically.

Inherence factors are often used for biometric verification, including retina scanners, fingerprint readers or voice recognition.

2FA vs. SFA

Single-factor authentication often implies using one of authentication methods. For instance, it may be a knowledge factor (a user name and a password). This method is widely spread in social networks and the sites where owners allow visitors to make personal accounts. If you use or plan to use SFA, make sure that you use a strong password and refrain from commonly used login names.

Using passwords doesn’t cost much and is easy to implement. However, remember that this method of verification needs protection from loads of insider threats like old hard drives, carelessly discarded password sticky notes and social engineering exploits. Don’t forget about hacker attacks. Given enough time and resource, the intruder may, finally, breach password-based security systems.

If you plan to use SFA system, make sure that it’s a reliable one. For instance, you may use multiple challenge-response questions and a single biometric verification to check the user identity.

2FA has a great number of solutions to check the users’ identity and protect sensitive data from illegal access. For instance, it may be Dell Defender. It’s a multifactor authentication suit to offer biometrics and various token methods.

A mobile phone, tablet or smartphone may become a nice method to verify the user’s identity. For instance, most of these devices have special screens to recognize fingerprints and built-in cameras may be used for face recognition. Smartphones have GPS to check location as an additional factor. In addition, voice or SMS can become a part of 2FA.

Though 2FA seems to be a reliable form of verification, it’s not a perfect one. An attacker might break an authentication factor in the physical world. He may yield an employee card and a password. If an additional factor is required, the intruder may face at least one more obstacle. That’s why the most sensitive and precious data are often required to be protected with a three-factor authentication or 3FA. 3FA often includes a combination of a password, physical token and finger scanning or a voice print.

Today we tried to show the benefits of 2FA, and how 2FA helps to protect your valuable data. If you want to make your account really safe, you can enable 2FA to your CDNsun account today.