Two-Factor Authentication Helps Fight Unauthorized Access

Posted 2.28.13 by

Access is a huge security concern for every company, no matter the industry. Thus, having an extra layer of technical security in place that employees must go through in order to access a company’s network can help reduce the risk of online fraud or unauthorized entry by an attacker.

Passwords alone aren’t secure enough. If they’re easy to remember, they’re easy to guess; and if they’re strong and difficult to guess, they’re difficult to recall (and what’s the point of having a password if it’s written on a post-it note attached to your monitor?). Two-factor authentication (sometimes called dual-factor) requires the user to present two of the three different types of authentication factors: something a user knows (a password), something a user has (a mobile phone), or something a user is (a fingerprint).

A common use of two-factor authentication starts with the user entering a remembered password. A request to authorize the login is then sent to the mobile phone associated with that specific username. Once the request is accepted, the user is able to get into the system.
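The flow described above, as an added example that is not part of the original post: a small in-memory server that sends no push for a wrong password, accepts an answer only from the enrolled phone, and issues a session only after approval. The class and method names, the 60-second validity window and the PBKDF2 parameters are assumptions for illustration.

```python
import hashlib, hmac, secrets, time

CHALLENGE_TTL = 60  # seconds a push request stays valid (assumed value)

def hash_pw(password: str, salt: bytes) -> bytes:
    # Iteration count is an assumption chosen for the demo
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class TwoStepLogin:
    """Hypothetical server-side state for password + phone approval."""

    def __init__(self, clock=time.time):
        self.users = {}    # username -> (salt, password hash, enrolled device id)
        self.pending = {}  # challenge id -> [username, device id, expiry, approved]
        self.clock = clock

    def enroll(self, username, password, device_id):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, hash_pw(password, salt), device_id)

    def start(self, username, password):
        """Factor 1: check the password, then create a push request for the phone."""
        record = self.users.get(username)
        # Unknown users still cost one hash, so timing does not reveal valid names
        salt, stored, device = record or (b"\0" * 16, b"", None)
        ok = hmac.compare_digest(hash_pw(password, salt), stored)
        if not (record and ok):
            return None  # no push is sent for a wrong password
        cid = secrets.token_urlsafe(16)
        self.pending[cid] = [username, device, self.clock() + CHALLENGE_TTL, False]
        return cid

    def respond(self, cid, device_id, accept):
        """Factor 2: only the enrolled phone can answer, and only before expiry."""
        entry = self.pending.get(cid)
        if not entry or entry[1] != device_id or self.clock() > entry[2]:
            return False
        if accept:
            entry[3] = True
        else:
            del self.pending[cid]  # a denial cancels the login attempt
        return True

    def finish(self, cid, username):
        """Issue a session token only for an approved, unexpired request."""
        entry = self.pending.get(cid)
        if not entry or entry[0] != username or not entry[3] or self.clock() > entry[2]:
            return None  # fail closed: unapproved, expired, or wrong user
        del self.pending[cid]  # single use: an approval cannot be replayed
        return secrets.token_urlsafe(32)
```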


Not only is this appealing as a strong safety measure, but if you store, transmit, or process credit card information, it is also required in order to be PCI compliant. PCI requirement 8.3 states:

Incorporate two-factor authentication for remote access (network-level access originating from outside the network) to the network by employees, administrators, and third parties. (For example, remote authentication and dial-in service (RADIUS) with tokens; or other technologies that facilitate two-factor authentication).

If you are outsourcing your PCI compliant hosting, ask your provider whether they offer two-factor authentication and which of their available methods would best suit your company. For more information, you can also check out our two-factor authentication FAQ.


About Otava

Otava provides the secure, compliant hybrid cloud solutions demanded by service providers, channel partners and enterprise clients in compliance-sensitive industries. By actively aggregating best-of-breed cloud companies and investing in people, tools, and processes, Otava’s global footprint continues to expand. The company provides its customers in highly regulated disciplines with a clear path to transformation through its effective solutions and broad portfolio of hybrid cloud, data protection, disaster recovery, security and colocation services, all championed by an exceptional support team. Learn more at www.otava.com.
