Blog Feed

Multi-Factor Authentication for LDAP

Posted by on 12:27 in No category | 0 comments


LDAP helps organizations manage access to critical systems, but passwords alone aren’t enough to keep attackers out. Adding multi-factor authentication (MFA) to LDAP can significantly boost security. This article explains what LDAP is, the difference between the LDAP protocol and servers, and how to smartly integrate the Protectimus MFA solution for LDAP to provide stronger protection.

LDAP: What Is It?

LDAP stands for Lightweight Directory Access Protocol. This standard protocol is widely used by organizations to manage user accounts and access directory servers. LDAP facilitates communication between a Service Provider and an Identity Provider, performing tasks such as user authentication, permission management, and directory updates across a network.

Organizations value LDAP for its speed, scalability, and ease of use, relying on on-premises LDAP servers, such as Microsoft Active Directory and OpenLDAP, to run their critical business applications. When a user attempts to log in, LDAP verifies whether the authentication is successful. This makes securing LDAP with MFA essential for any business.

LDAP Protocol vs. LDAP Server: Key Differences

LDAP protocol is a tool designed for accessing and managing information in user directories. It reads and updates data stored in user directories. Meanwhile, an LDAP server refers to any server functioning as a user directory service (e.g., Active Directory, OpenLDAP, Red Hat Directory Server, IBM Security Directory Server, Novell eDirectory, Apache Directory Server, etc.).

Why Add Multi-Factor Authentication to LDAP?

LDAP servers store and organize critical information, such as user credentials and permissions. The LDAP protocol is responsible for managing user accounts and accessing the LDAP servers with critical information. Protecting user credentials and controlling access to user accounts remain key priorities in today’s cybersecurity.

Cybersecurity specialists often secure LDAP connections by wrapping the LDAP protocol in TLS/SSL (which is then called LDAPS). However, this is not enough. Multi-factor authentication (MFA), also known as two-factor authentication (2FA), is the best way to ensure that LDAP authentication is protected from any attacks aimed at compromising user accounts.

Multi-factor authentication is a must for any corporate network protection. With MFA, you add another layer of protection to password-based authentication, which almost eliminates the possibility of corporate accounts being hacked and perfectly secures user accounts from phishing, keylogging, social engineering, man-in-the-middle attacks, brute force, credential stuffing, and other similar attacks.

One more reason to add MFA for LDAP is to meet the PCI DSS, GDPR, and other similar regulations’ requirements.

How Protectimus MFA Integration with LDAP Works?

Protectimus multi-factor authentication can be integrated into your LDAP-based infrastructure in several ways. We provide an open RESTful API, SDKs, and a wide range of ready-to-use plugins for virtually any software, operating system, VPN, or VDI service that requires MFA protection within a corporate environment.

However, the easiest and most convenient solution for LDAP MFA is Protectimus DSPA (Dynamic Strong Password Authentication). It enables seamless integration of multi-factor authentication directly with an LDAP server, adding MFA to all entry points that rely on the LDAP server for authentication in a single step. Alternatively, the admin can choose to enable multi-factor authentication for a specific group of users in LDAP, rather than applying MFA to all users.

Here’s what LDAP MFA with Protectimus DSPA looks like: You integrate the Protectimus On-Premise MFA platform with your LDAP server, which appends a...


Why Protectimus Recommends the SHA256 Algorithm

Posted by on 12:28 in Protectimus Products, R&D | 0 comments


As cyber threats become more advanced, choosing the right cryptographic algorithm is essential to keep data secure. SHA256 stands out among other options because it offers strong protection against vulnerabilities and aligns with top industry standards. In this article, we’ll dive into why Protectimus endorses SHA256 and how this algorithm supports the security of our 2FA solutions.

1. Understanding TOTP Tokens and Hashing Algorithms

TOTP tokens serve as an additional layer of protection, providing a unique and time-sensitive password for each login attempt. TOTP, or Time-Based One-Time Password, is a mechanism that generates one-time passwords valid for a short period – 30 or 60 seconds.

The process of generating TOTP passcodes involves the utilization of a hashing algorithm, such as SHA-1 or SHA-256, to convert a shared secret and the current time into a unique one-time password. This shared secret is typically known to both the server and the user’s device, ensuring that both parties can independently generate the same OTP at any given moment.

The time-based element is crucial to the security of TOTP tokens. Both the server and the user’s device must be in sync regarding time. The OTP is valid only for a short window of time, usually 30 seconds, after which it becomes invalid and useless for any future login attempts. This time factor introduces an additional level of complexity for potential attackers trying to predict or brute-force the correct OTP.

To fully grasp how TOTP tokens work, it’s essential to delve into the underlying hashing algorithms SHA-1 and SHA-256. But what is a hash?

What Is Hash?

A hash function takes an input (or ‘message’) and converts it into a fixed-length string of characters, typically a sequence of numbers and letters. This output is commonly referred to as the hash value or hash code.

The critical characteristic of a hashing algorithm is that it is a one-way process, meaning that it is computationally infeasible to reverse-engineer the original input from the hash value. This property ensures that sensitive data, such as passwords and TOTP secrets, remains well protected.

It’s important to understand the difference between encryption and hashing. While encryption involves transforming data into ciphertext that can be reversed using a specific key, hashing irreversibly transforms data into a fixed-size string of characters (hash). Hash functions like SHA-1 and SHA-256 generate unique hash values that are practically impossible to reverse-engineer, ensuring the security of TOTP tokens.

The importance of secure TOTP token generation cannot be overstated. It safeguards sensitive information, strengthens authentication mechanisms, and bolsters the overall security posture of systems implementing 2FA. By adopting robust hashing algorithms like SHA-256, organizations can enhance their defenses against potential threats, providing users with a more secure and reliable authentication experience.

2. Vulnerabilities and Risks of SHA-1 in TOTP Token Systems

SHA-1, once considered a secure hashing algorithm, has been found to possess several vulnerabilities when used in TOTP token systems. These weaknesses can pose certain security risks, compromising the integrity of the one-time passwords and making systems more susceptible to attacks. However, transitioning to the more advanced SHA-256 algorithm can address these issues and enhance the overall security of TOTP token systems.

Collision Vulnerabilities

One of the primary vulnerabilities of SHA-1...


Protectimus Customer Stories: 2FA for Ipak Yo’li Bank

Posted by on 12:03 in Protectimus Products | 0 comments


Ipak Yo’li Bank is one of the leading commercial banks in Uzbekistan, offering a wide range of financial services. The bank is actively expanding its digital infrastructure, with a strong focus on data security, 2FA, and protecting its clients’ information.

We chose Protectimus for several key reasons. First, it allows us to host the MFA server on our premises, a crucial requirement for both our information security and legal departments. Secondly, it provides comprehensive multi-factor authentication coverage for all entry points to our corporate banking infrastructure, all from a single provider. Thirdly, the option to purchase a lifetime license for Protectimus MFA software has allowed us to secure access to our employees’ accounts for the long term. The implementation process was smooth, thanks to the excellent support provided by the Protectimus team at every stage. We primarily use MFA for Windows accounts and RDP connections, and the software has proven easy to install, configure, and use for our employees. Additionally, we’ve successfully used RADIUS integration, and as our infrastructure grows, we plan to expand our use of Protectimus integrations. We highly recommend Protectimus as a customer-oriented MFA provider with reliable products and a supportive team.

Information Security Director at Ipak Yo’li Bank

Key tasks for implementing 2FA for Ipak Yo’li Bank

The administrators of the Ipak Yo’li Bank set the following tasks for the two-factor authentication (2FA) provider:

- To secure employee account access when connecting via Windows and RDP.
- To implement multi-factor authentication for all entry points to the bank’s infrastructure.
- To utilize an in-house multi-factor authentication server for enhanced security.
- To ensure long-term protection by purchasing a lifetime license for the MFA solution.

The following Protectimus 2FA products were chosen to solve the above-mentioned tasks:

- Protectimus On-Premise Platform – an on-site two-factor authentication platform (a lifetime license was purchased for its use);
- Protectimus Winlogon & RDP – a solution designed to secure Windows accounts, both locally and through RDP connections;
- Protectimus RADIUS – a component that integrates with any software or hardware supporting RADIUS authentication;
- Protectimus Smart – an MFA app for generating one-time passwords, available on iOS and Android;
- Protectimus Two – hardware TOTP tokens for generating one-time passwords.

Challenges and Solutions

Securing Windows Accounts and RDP

The Protectimus Winlogon & RDP multi-factor authentication solution was successfully implemented to safeguard employee account access. This helped prevent unauthorized access and strengthened the security of the bank’s infrastructure.

The Protectimus two-factor authentication solution for Windows and RDP protects both local accounts and remote desktops (RDP). It is simple to deploy across multiple computers using GPO and supports automatic registration of users and tokens, making it ideal for corporate environments. It also functions in offline mode on local desktops.

RADIUS integration

The Protectimus RADIUS component enabled seamless integration of Protectimus multi-factor authentication with the bank’s existing infrastructure, allowing the Protectimus MFA server to connect with any software or hardware that supports RADIUS authentication. This ensured protection for all critical entry points.

Lifetime license for the Protectimus On-Premise Two-Factor Authentication Platform

For Ipak Yo’li Bank, ensuring maximum data protection was a top priority. Deploying an on-premise 2FA platform on their own servers proved to be the best solution. This approach avoided sharing user data with third parties, guaranteeing security and system reliability. By purchasing a lifetime license for the Protectimus...


Strengthening Security with Multi-Factor Authentication for RADIUS

Posted by on 11:33 in Protectimus Products, R&D | 0 comments


As technology evolves, so do the methods of cyberattacks, making traditional authentication vulnerable. This is where Multi-Factor Authentication (MFA) steps in, offering an extra layer of defense. In this article, we delve into the synergy between MFA and RADIUS-enabled devices and software, exploring how this dynamic duo bolsters protection against modern security challenges and how to integrate multi-factor authentication for RADIUS.

1. What is RADIUS

In computer networking, RADIUS, or Remote Authentication Dial-In User Service, is a protocol used to manage and secure user access to a network. It operates as a central authentication and authorization system, ensuring that only authorized users can connect to network resources.

RADIUS facilitates user authentication by verifying usernames and passwords. It’s commonly employed in scenarios such as Wi-Fi access points, Virtual Private Networks (VPNs), and other remote access systems. RADIUS plays a vital role in enhancing network security by enabling administrators to control user access and monitor usage while maintaining a centralized and efficient authentication process.

Integrating multi-factor authentication (MFA) can significantly strengthen this authentication process. Multi-factor authentication or two-factor authentication (2FA) adds an extra layer of security by requiring users to provide a second piece of information, such as a one-time code generated on a mobile device.

In this article, we’ll explore why enhancing your RADIUS network security is crucial by implementing multi-factor authentication, and how to add MFA via RADIUS to elevate the security of network access.

Distinguishing Between RADIUS Protocol, RADIUS Server, and RADIUS Client

Let’s break down the RADIUS puzzle for a clearer picture:

The RADIUS protocol stands at the core of this system, serving as the communication framework that enables secure data exchange between RADIUS servers and clients. It employs a client-server model where the RADIUS client, often a networking device seeking authentication for its users, sends access requests to the RADIUS server. This protocol ensures the confidentiality and integrity of sensitive information during transmission, safeguarding user credentials from potential threats.

RADIUS servers, on the other hand, serve as the guardians of authentication. These specialized servers store user credentials and related information in a centralized database. When a RADIUS client forwards an access request, the RADIUS server validates the user’s credentials and responds with an acceptance or denial message. This centralized approach streamlines user management by allowing administrators to enforce policies and access controls uniformly, reducing administrative overhead and enhancing security.

Meanwhile, RADIUS clients encompass devices that require user authentication for accessing network resources. These clients can range from Wi-Fi access points and switches to VPN gateways. Upon receiving a user’s access request, the RADIUS client relays the credentials to the RADIUS server for validation. If successful, the RADIUS client grants the user access to the requested services; if not, access is denied. This mechanism ensures that only authorized users can utilize network resources, bolstering the overall security posture.

Understanding RADIUS and Its Vulnerabilities

While RADIUS serves as a stalwart guardian of network access, it’s not immune to vulnerabilities. The RADIUS protocol lacks encryption for the packets exchanged between the client and server, except for the password. While the password is encrypted, the overall security of RADIUS relies heavily on its proper implementation. However, even with flawless execution, if a hacker only needs to overcome a password to breach an account, the vulnerability remains significant. Traditional single-factor authentication,...


On-Premise 2FA vs Cloud-Based Authentication

Posted by on 15:00 in Engineering, Protectimus Products | 0 comments


The basic idea behind any type of multi-factor authentication is communication between an MFA device and a server. An MFA server can be set up either on-premise (locally within your company’s infrastructure) or in a cloud. Both approaches have their pros and cons. In this post, we aim to give you a comprehensive comparison of cloud multi-factor authentication vs on-premise 2FA solutions to help you choose the best 2-factor authentication for your business.

How 2-Factor Authentication Works

Unlike single-factor authentication, which requires only a passcode, multi-factor authentication requires two or all three of the following determinants:

- Something you know, which is your user password;
- Something you possess, which is your MFA security device or token;
- Something you are, or your biometrics for TouchID, FaceID, and the like.

For MFA authentication to validate the user’s identity, the user’s token and multi-factor authentication server are required to share a secret key. So, any OATH 2FA authentication will work like this:

- The server and the user share a secret seed.
- The user logs in to the application or website protected with MFA and enters the user login credentials.
- What happens next rests on the 2FA algorithm used. Either the user’s token mixes its secret key with the running time (TOTP), or with a counter (HOTP), or utilizes the challenge/response algorithm (OCRA). The token then provides the end-user with an OTP to enter on the protected website.
- The server goes through the same key+counter/time/challenge process and compares both values. If the values received from the token and the server are the same, the user is granted access.

And, as we’ve already established, a two-factor authentication vendor can set up an MFA server either in the cloud or locally in the client’s environment. Now let’s look closer into cloud vs on-premise multi-factor authentication.

On-Premise 2FA Pros and Cons

Most 2-factor authentication providers offer on-premise solutions to those clients who need full control over all their systems and operations and have rigorous security policies.

Local multi-factor authentication software installation allows the utmost protection for your server and your users. An on-premise 2FA server does not require any connection to the Internet and other outside networks, thus you can set it up on an isolated network.

With on-premise 2FA, not only do you have the fullest control over the system’s operations, databases, and all the sensitive data, you also have full knowledge of the platform’s equipment. This gives you many advantages, starting with the confidence in the system’s efficiency, and ending with the ability to quickly fix any issues if they occur.

Naturally, local MFA setup comes with all the reporting tools you might require, including those for gathering stats, managing users and secret keys, etc. And if you need any custom features, the Protectimus team can add them for you.

We cannot speak for every 2FA provider on the market, but the Protectimus On-premise Platform is very versatile. The platform runs on any major operating system like Windows, Linux, FreeBSD, etc. And it supports Google Chrome, Mozilla Firefox, Internet Explorer. We comply with every industry standard and support all the major OTP algorithms (HMAC, HOTP, TOTP, OCRA).

Of course, there are drawbacks. You will have to spend quite a lot of time, money, and...


Protectimus Customer Stories: 2FA for Volet

Posted by on 21:30 in Protectimus Products | 0 comments


Volet is a popular payment system for convenient international payments and transactions with cryptocurrencies. Millions of people around the world use the Volet payment system services daily.

Volet has been cooperating with Protectimus since 2015, and we are extremely pleased with the results of this cooperation. Over the past years, we’ve had only positive cases of working together. Protectimus helped us at every stage, from integration to adding additional features that solved our specific tasks. For example, when we decided to abandon SMS as the two-factor authentication method, Protectimus suggested using chatbots in instant messengers to deliver one-time passwords, which is much easier, cheaper, and safer than SMS. For the entire period of using Protectimus 2FA, we receive service in the 24/7 format without any breakdowns or other issues, and the Protectimus support services are beyond praise. Using Protectimus, we are confident that Volet infrastructure and users are well protected. Protectimus gives us what money can’t buy – not a sense of security, but REAL security. I highly recommend it for implementation.

Artem Sh., Information Security Director at Volet

Key tasks for implementing 2FA for Volet

The administrators of the Volet payment system set the following tasks for the two-factor authentication (2FA) provider:

- To protect the accounts of Volet employees with 2FA.
- To protect the accounts of end users of the Volet payment system with 2FA.
- To add an additional layer of protection against phishing and data spoofing.
- To provide a choice of different types of 2FA tokens for Volet payment system end users.
- To organize targeted delivery of hardware 2FA tokens to the end users of the payment system.
- To find a way to deliver one-time passwords to the Volet end users that will be as convenient as SMS, but at the same time more secure and less expensive.

The following Protectimus 2FA products were chosen to solve the above-mentioned tasks:

- Protectimus Cloud Two-Factor Authentication (2FA) Service;
- User group functionality, implemented using Resources;
- Geographic filters;
- IP filtering function;
- CWYS (Confirm What You See) data signing function;
- Classic hardware 2FA tokens Protectimus Two;
- Application for generating one-time passwords Protectimus Smart OTP (iOS and Android);
- Delivery of one-time passwords via Protectimus Bot chatbots in Telegram, Facebook Messenger, and Viber.

Challenges and Solutions

To perform the integration using API

The functionality of integration with Protectimus two-factor authentication (2FA) service via API is available even for the free service plan. API integration documentation is publicly available on the Protectimus website. The Protectimus team is also ready to connect with the customer to help with the integration remotely, if necessary.

To set different two-factor authentication (2FA) rules for the Volet employees’ accounts and payment system end users’ accounts

The Protectimus two-factor authentication (2FA) service allows dividing users into groups using Resources. Volet administrators have created two 2FA Resources – one for the end users and another for company employees. These Resources have different security rules. For example, geographic filters and IP filtering are activated for the Volet employees. Besides, they can use only hardware 2FA tokens. At the same time, filters are not activated for the Volet end users, but the data signing function CWYS (Confirm What You See) is. Also, the Volet end users have the opportunity to choose one of three types of 2FA tokens: hardware OTP tokens,...


Why Is 2-Factor Authentication Required for Online Casinos in New Jersey?

Posted by on 12:21 in R&D | 0 comments


In June 2022, the state of New Jersey mandated all online gambling and sportsbook platforms to implement strong authentication, also known as two-factor authentication (2FA) or multi-factor authentication (MFA). Additionally, it is mandatory for their customers to activate MFA in their accounts.

Some time after the regulation came into force, New Jersey’s Division of Gaming Enforcement (DGE) reported that two-factor authentication for online and mobile sports betting is going smoothly and helps to reduce fraud, so it considers this innovation effective.

New Jersey is the first state to mandate two-factor authentication for both gambling websites and their users. By pioneering the mandate of MFA, New Jersey has set a precedent for other states to follow. Witnessing its effectiveness, Pennsylvania and Connecticut have followed suit, compelling both gambling operators and users to embrace multi-factor authentication. Ohio is also considering adopting a similar requirement for end users, as proposed by the Ohio Casino Control Commission.

The decision to enforce multi-factor authentication in New Jersey stems from its effectiveness in bolstering security for both users and operators. It helps stop people from cheating and protects both users and online gambling platforms. It’s important to learn how to implement and use 2FA properly to make sure it works well.

Table of contents

- Understanding Multi-Factor Authentication (MFA)
- Why two-factor authentication is mandatory in online gambling
- How to add two-factor authentication into your online gaming platform
- Best practices for implementing 2-factor authentication in iGaming

Understanding Multi-Factor Authentication (MFA)

Multi-factor authentication means that when a user enters their account, they will be asked to enter two or three authentication factors of different kinds.

First of all, the user enters their username and password, and after that they confirm that they are who they claim to be by entering a one-time password received via SMS, the chatbot in the messaging app, or generated with the authenticator app. Alternatively, they may use their biometric data like a face ID or a fingerprint scan as the second authentication factor.

To put it roughly, three types of factors may be used for authentication:

- Something you know (username, password, secret question, etc.);
- Something you have (usually, it is your smartphone and the apps on it that you use to get a one-time code or a physical OTP token);
- Something you are (anything of a biometric nature – fingerprints, face ID, etc.).

Usually, it’s enough to combine two factors of different natures to make the login secure. In this case, we may use the term two-factor authentication (2FA) instead of multi-factor authentication (MFA), but both terms remain relevant.

Why two-factor authentication is mandatory in online gambling

Since the popularity of online games began to skyrocket, attackers have focused their efforts on hacking poorly protected online gaming accounts. Credential stuffing attacks, phishing, brute force, keyloggers, and social engineering are used to get fraudulent access to the gamers’ accounts and then use them for different malevolent activities that vary from payment fraud and identity fraud to money laundering.

Online gambling websites collect a lot of personal information from their players to verify their identity remotely. Unfortunately, this is precisely the kind of information needed for identity theft. There isn’t much difference between establishing your identity through the Internet for gambling purposes and establishing your identity as part of a scam. Protecting all of this...


What We Know About Cybersecurity In 2024

Posted by on 11:52 in Industry News | 0 comments


The cybersecurity landscape has become increasingly dangerous and challenging to navigate over the last number of years. Cybercrime has become a national and global threat to governments, corporations, as well as private individuals. Attacks are more frequent, and the potential consequences (including the loss of sensitive data, identity theft, business disruption and damage, and erosion of customer trust) are increasing exponentially year after year.

With the conversation about cybersecurity becoming a matter of urgency in many boardrooms, IT specialists applying for a career in IT are more in demand than ever. As the need for cybersecurity becomes ever more urgent, it must surely be everyone’s top priority in the next twelve months. With that in mind, we teamed up with experts at Jooble to take a closer look at some of the main cybersecurity threats and trends in 2024.

Cyber awareness in 2024

When we think of cyberwarfare, we imagine an ongoing battle between evil hackers, crafty criminal masterminds, and hostile foreign nations on the one side, and cybersecurity specialists fighting on the other side on behalf of the good guys. That’s not far off from reality. Cyber threats frequently originate from adversarial foreign countries and tech-savvy criminal organisations using ransomware and malware, social media attacks, and other means of all-out cyber warfare.

However, threats to an organisation’s cybersecurity are just as likely to arise from poorly secured networks that unintentionally expose important data, or from careless employees operating unsecured devices. Consequently, in 2024, the need for strong cybersecurity awareness has never been more important.

Cybersecurity risks & threats in 2024

The main objective, whether it is for an individual or an organisation, is to protect their digital data. Any minor weakness in computer software, a network, or a browser could allow hackers access to sensitive data, causing potentially irreparable harm to any business, government organisation, or private individual.

Here are some of the potential threats to look out for in 2024:

1. Ransomware & Extortion

In 2022, the most intense cyber threat to the UK’s cybersecurity was ransomware attacks. Cyber attackers employ ransomware to extort money from an organisation or private individual in exchange for the recovery of their ‘stolen’ or corrupted data. This practice is particularly prevalent in industrialised countries where specialised software is frequently used to carry out regular and essential business operations.

Three out of every four enterprises globally have reported being the victim of ransomware attacks. In addition, 64% of businesses that experienced a ransomware incident paid the demanded sum, yet only 6 out of 10 were able to recover their data. As an example of the potential damage these attacks can cause, the WannaCry ransomware attack on National Health Service hospitals in England and Scotland affected more than 70,000 medical devices.

In order to guarantee the safeguarding of sensitive/confidential data, internal governance, cyber awareness training, email security, backups, and other measures are urgently required in 2024.

2. The Internet of Things (IoT)

The more devices we network and connect across the internet, the more potential entry points there are for hackers to access our data. Analysts estimate that 43 billion IoT-connected appliances will exist worldwide by 2024. Many IoT devices are easy targets for cybercriminals due to unsecured data transfer and storage, providing easy access to networks with weak security....


Behind the Scenes at Protectimus: Where Cybersecurity Meets Fun and Innovation

Posted by on 10:47 in Protectimus Products | 0 comments


In the fast-changing world of cybersecurity, where every piece of code and every bit of data needs rock-solid protection, our company stands out not only for its cutting-edge multi-factor authentication solutions but also for its exceptional corporate ethos. In this article, we want to show you what’s special about the Protectimus team. It’s a place where cybersecurity experts don’t just protect data; they also enjoy a lively and fun workplace. Come with us behind the scenes at Protectimus and see how our team blends top-notch security with a vibrant and enjoyable work environment.

About Protectimus: Where It All Started

The story of how Protectimus came to be is quite an interesting one. It all began when our founder was immersed in another project and faced the challenge of integrating a two-factor authentication solution into that product. Searching for such a solution proved to be a daunting task. It became apparent that finding a provider who responded promptly, offered seamless integration possibilities, didn’t burden users with integration fees beyond the standard subscription, and didn’t require administrators to undergo costly courses for setup and administration was no easy feat.

Our future founder’s frustration peaked when he had to invest weeks of his life in courses provided by one of our competitors just to implement their two-factor authentication solution into his product. It was during this time that he resolved to create a two-factor authentication system that would be refreshingly straightforward to implement and configure, easy to manage, with no upfront costs, a free proof of concept, and the most accommodating support team imaginable.

In 2013, this vision took root within a small group of developers, and today, it has blossomed into a widely adopted security solution trusted by some of the world’s largest tech companies, payment systems, and corporations.

What sets Protectimus apart from other two-factor authentication providers is our unwavering commitment to assist every system administrator, Chief Information Security Officer (CISO), or company owner, regardless of their company’s size or industry, in seamlessly integrating two-factor authentication into their systems as swiftly and effortlessly as possible. We pride ourselves on our eagerness to assist, tailor our solution to meet specific needs, and respond promptly to every client’s request.

A Glimpse of Protectimus Headquarters

Nestled in the vibrant city of Dublin, Ireland, you’ll find the central hub of Protectimus, a place where innovation and cybersecurity flourish. Our choice of location not only aligns with Dublin’s tech-savvy environment but also underscores our dedication to being a part of the global cybersecurity community.

Step inside our office, and you’ll encounter a modern, open-concept design that encourages collaboration and sparks creativity. The moment you walk through our doors, you’ll feel the passion and commitment that define our workspace. It’s more than just an office; it’s a haven of ideas and solutions, where our team diligently works to safeguard your online world.

But that’s not the whole story. At Protectimus, our team transcends geographical boundaries. Many of our dedicated members work remotely, spanning various countries across Europe. This international perspective enriches both our approach to online security and our corporate culture, as it brings together a tapestry of diverse experiences and expertise.

What sets our office apart is the atmosphere of fun and camaraderie. Here, everyone is...


Active Directory Two-Factor Authentication

Posted by on 19:35 in Protectimus Products, R&D | 6 comments

It is hard to manage multiple users and systems, especially when a network holds not hundreds but thousands of them. That’s why businesses and organizations love Microsoft Active Directory. It lets them store and manage all the information about the organization’s systems, users, their credentials, sites and whatever else you might think of in a network, in one place. But you must agree that so much fundamentally important information kept in one place makes Active Directory a tempting target for hackers. And simple username-and-password verification is far from sufficient to protect it all from attacks. This is why multifactor authentication is especially crucial for Active Directory security. The Dynamic Strong Password Authentication (DSPA) solution from Protectimus has it well covered for you and your users. Adding a second layer of security to all systems and services attached to Active Directory in one go has never been easier.

In this article, we will describe in detail how our two-factor authentication solution for Active Directory works, why ours is the easiest approach to Active Directory MFA, which MFA methods can be used with it, and how to get it running. We will also answer the most frequently asked questions about our solution for Active Directory multi-factor authentication.

How it works

Protectimus Dynamic Strong Password Authentication (DSPA) operates via direct Active Directory integration: it simply adds a 6-digit dynamic password to the static user password. These 6 symbols are essentially a one-time, time-sensitive passcode generated with the TOTP algorithm. This one-time password (OTP) is constantly changing.

As a result of this integration, to get into an account attached to Microsoft AD the user needs to enter a combined password of the form u$erp@ssword123456. The u$erp@ssword part is the never-changing password devised by the user or admin, or generated by the system itself, and the 123456 part is a dynamic OTP generated by a Protectimus MFA token. The company’s Active Directory server administrator can set the time-step at which the OTP changes to 30 seconds or more (for example, 600 seconds). So the DSPA part (those 6-digit OTPs) of the user passwords constantly changes on the schedule determined by the admin. In addition, groups of users can be made subject to the DSPA element in their static passwords or exempted from it, so that Active Directory two-factor authentication is required only for the most valuable accounts.

Advantages of this approach to AD 2-factor authentication

1. Advanced Active Directory security

Every regular 2-factor verification arrangement adds the second layer to the endpoints only. As a result, hackers have a window to bypass 2FA and query the user directory directly. An Active Directory domain is easily queried through the Windows command prompt, so the hacker simply needs a user’s credentials (login and password) to act maliciously under their name, and no Active Directory 2-factor authentication will be there to stop them. The Active Directory two-factor authentication solution from Protectimus lets you enable complete system protection and ensure no one can get into AD without the additional dynamic OTP.

2. Ease of use and maintenance for AD administrators

Another issue that our solution for Active Directory two-factor authentication easily fixes...
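The combined-password scheme from "How it works", modelled as an added example (not Protectimus code): a static password followed by a 6-digit RFC 6238 TOTP whose time-step is configurable, checked at both sides of a rotation boundary. The function names, the HMAC-SHA1 choice, the RFC test secret and the plaintext comparison of the static part are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

DIGITS = 6  # OTP length described in the article

def totp(secret: bytes, unix_time: int, step: int = 30) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for an administrator-chosen time-step."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def split_combined(combined: str):
    """Split 'static password + OTP' into its parts, or None if malformed."""
    otp = combined[-DIGITS:]
    if len(combined) <= DIGITS or not (otp.isascii() and otp.isdigit()):
        return None
    return combined[:-DIGITS], otp

def verify_combined(combined, static_password, secret, unix_time, step=30):
    """Accept only if the static part and the OTP for this time-step match."""
    parts = split_combined(combined)
    if parts is None:
        return False
    static, otp = parts
    # Assumption: plaintext compare for brevity; a directory compares hashes.
    static_ok = hmac.compare_digest(static.encode(), static_password.encode())
    expected = totp(secret, unix_time, step)
    otp_ok = hmac.compare_digest(otp.encode(), expected.encode())
    return static_ok and otp_ok

def seconds_until_rotation(unix_time: int, step: int) -> int:
    """How long a combined password observed at unix_time remains valid."""
    return step - unix_time % step

if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 4226/6238 test secret, not a real key
    static = "u$erp@ssword"           # static part from the article's example
    for step in (30, 600):
        combined = static + totp(secret, 0, step)
        print(step, combined,
              verify_combined(combined, static, secret, step - 1, step),
              verify_combined(combined, static, secret, step, step))
```

The time-step is also the replay window: with a 600-second step, a combined password captured right after rotation is accepted for almost ten minutes, against at most 30 seconds with the default step.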
