Weak or stolen user credentials are the hackers' preferred weapon and are exploited in more than 60% of all network breaches.

Source: 2016 Verizon Data Breach Investigations Report.

How does multi-factor authentication improve security?

Multi-factor authentication adds trust to the login process by using multiple factors to validate the identity of the user at the point of login. CensorNet authenticates users by sending a real-time, session-specific OTP (One-Time Passcode) to the user’s mobile phone via SMS, app, voice-call, or email. Once the OTP has been validated, the user is granted access. It’s that simple!


Why choose CensorNet Multi-Factor Authentication?

CensorNet’s Multi-factor Authentication (previously known as SMS PASSCODE) has an advantage over traditional two-factor authentication solutions which, as the term suggests, are simply based on two factors: something you know (username and password), and something you have (a one-time passcode). The CensorNet solution looks at multiple factors surrounding each particular login. These factors include things such as session ID, network IP and geo-location, number of successful logins, type of system being accessed, time of login, and device being used. All of these factors add context that helps determine the level of trust and whether the user should be authenticated or blocked.


What makes CensorNet Multi-Factor Authentication more secure?

CensorNet Multi-Factor Authentication is adaptive, real-time, challenge-based and session-specific, and takes advantage of contextual information when validating the user, thereby protecting against identity theft and modern Internet threats.

Challenge-based

Unlike solutions relying on pre-issued passcodes, CensorNet Multi-Factor Authentication only generates a passcode once a challenge has been fulfilled (the username and password have been validated).

Real-time solution

All passcodes are generated in real-time at the point of login. No pre-issued passcodes. No seed files to be hacked.

Session-specific passcodes

All passcodes are locked to the session ID of each particular login attempt for maximum security. This reduces the attack surface: instead of being usable from any device, a passcode is usable only from a single device.

Contextual-based OTPs

The OTP time validation period and delivery form adapt based on the context of the user.

GEO Fencing

Increase security by blocking access from high risk locations or regions.

Contextual user notifications

Users receive information about the GEO-IP location of their login to help identify possible man-in-the-middle attacks.

Protection against brute-force attacks

CensorNet Multi-Factor Authentication includes advanced brute-force and denial-of-service attack detection and protection.

Hardened security keeps your data safe

Our passcodes are cryptographically strong, randomly generated OTPs using FIPS-140 validated crypto modules, and all communication between components is AES 256-bit encrypted. Our platform itself is fully authenticoded and obfuscated.

Because we have multiple login systems and many different login scenarios to support, it is a relief that we can solve all our user authentication needs with the new platform and be compliant to the strict regulations set forth by the law makers.

Martin Schimmel, system administrator - DTU

How is CensorNet Multi-Factor Authentication more user-friendly?

CensorNet Multi-Factor Authentication leverages the one thing users always carry with them – their mobile phone. The solution is intelligent, intuitive and so convenient that end users will happily maintain compliance. Here are some of the components that enable a superior user experience with CensorNet Multi-Factor Authentication:

Automatic failover

Easily set up highly sophisticated failover mechanisms to ensure that the OTPs always arrive. The solution can even adapt between delivery methods based on the login context of the user, e.g. the location.

Adaptive User Authentication

For even greater user convenience the solution can be configured to dynamically change the level of authentication needed based on, for example, where the users are located when logging in, what time they are logging in, what network they are logging in from, and how many successful logins have been made from a particular location. For example, if the user is logging in from a trusted location such as the comfort of their home (where they have logged in from before), then they will not be prompted for an OTP in order to authenticate. On the other hand, if they are attempting to log in while traveling, e.g. from an airport lounge or hotel with a public Wi-Fi, then an OTP would be mandatory to gain access.
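A sketch of the step-up decision this paragraph describes, added here as an illustration and not CensorNet's policy engine. The class and field names, the threshold of three logins, the hour range, and the placeholder country code "ZZ" are all assumptions.

```python
from collections import Counter
from dataclasses import dataclass

BLOCKED_COUNTRIES = {"ZZ"}   # placeholder code standing in for a geo-fenced region
TRUST_THRESHOLD = 3          # assumed: successful logins before a location is trusted
USUAL_HOURS = range(6, 23)   # assumed: logins outside 06:00-22:59 always step up


@dataclass(frozen=True)
class Login:
    user: str
    country: str
    network: str             # network identifier, e.g. an IP prefix label
    public_network: bool
    hour: int
    otp_ok: bool = True      # outcome of the OTP step when one is required


class AdaptivePolicy:
    def __init__(self):
        self._successes = Counter()  # (user, network) -> successful logins

    def decide(self, login):
        if login.country in BLOCKED_COUNTRIES:
            return "BLOCK"           # geo-fence wins over any accumulated trust
        known = self._successes[(login.user, login.network)] >= TRUST_THRESHOLD
        if known and not login.public_network and login.hour in USUAL_HOURS:
            return "PASSWORD_ONLY"
        return "REQUIRE_OTP"         # default is to step up, not to trust

    def handle(self, login):
        decision = self.decide(login)
        granted = decision == "PASSWORD_ONLY" or (
            decision == "REQUIRE_OTP" and login.otp_ok)
        if granted:
            # Only completed logins build trust; failed OTP attempts never do.
            self._successes[(login.user, login.network)] += 1
        return decision
```

Trust accrues only from logins that were actually granted, so repeated attempts with a stolen password from a new network never lower the bar on their own.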

Status Feedback

CensorNet provides unique status feedback that enables the user to follow the login progress. Status feedback inspires user confidence and reduces the number of helpdesk calls.

MemoPasscodes™

Make innovative use of letter combinations to provide users with easy-to-read passcodes, helping support the smooth intuitive login process of CensorNet Multi-Factor Authentication.

Easy to implement. Easy to manage. Easy to scale.

CensorNet Multi-Factor Authentication is very easy to install, deploy and administer. CensorNet Multi-Factor Authentication offers flexible policy-driven administration, and protects multiple platforms on a global scale. The solution integrates seamlessly with both remote access systems and cloud applications.

Simple user provisioning
CensorNet Multi-Factor Authentication allows for one-click integration to Microsoft Active Directory (AD), but also supports any LDAP store without schema changes or extensions. Add new users on the fly as your business grows.

Embrace flexibility as circumstances change
Circumstances change and you need a platform that you can rely on as your business requirements evolve. Through CensorNet Multi-Factor Authentication’s advanced policy engine you have maximum flexibility to easily tailor the solution to your security needs while maintaining convenience for the users. This unique engine enables a secure, flexible, and convenient user authentication process that you can depend on anywhere and anytime.

Detailed reporting
Monitor system usage, spot trends in login patterns, and see high-risk locations and potential attacks in real-time. 

What can you protect with Multi-Factor Authentication?

CensorNet Multi-Factor Authentication supports a broad set of login systems for remote access. The platform is designed to integrate seamlessly into VPN/SSL VPN Clients, cloud applications, websites, and remote access solutions like Cisco, Citrix, Microsoft, VMware, F5, Juniper, Barracuda, Watchguard, etc.

Here are two typical multi-factor authentication use case examples:

Organization A

Organization A has 5,000 employees across multiple office locations around the world. The workforce is highly mobile and typically accesses corporate networks and applications remotely through Citrix NetScaler and Cisco ASA VPNs. Access to webmail (OWA) and the company’s CRM (Salesforce) is also secured by CensorNet Multi-Factor Authentication. Organization A takes advantage of the advanced capabilities of the platform to adapt the level of authentication needed based on the level of trust surrounding each login, and adds GEO-fencing to block logins from high-risk countries.

Organization B

Organization B has 500 employees. Remote access is done through Microsoft Remote Desktop which is protected with Multi-Factor Authentication. Organization B also operates an Extranet where employees and external consultants can exchange information. They use CensorNet Multi-Factor Authentication to keep their data safe and easily manage, add or remove users on the fly.

Secure access to your systems and applications

Regardless of whether you want to protect cloud apps or a remote access system, we give you all the integrations and scalability you need.


What do you need to get started?

CensorNet Multi-Factor Authentication can be deployed as an on-premise solution or as a hosted solution through one of our managed service providers. Each option has its advantages. Please contact us to find a solution that is best for you. You can also take us for a test drive with a free trial.

How long does it take to implement Multi-Factor Authentication?

CensorNet’s Multi-Factor Authentication solution is notoriously easy to install and configure, and most customers are up and running within a few hours.

Keeping costs low

Businesses of all sizes are being targeted by hackers and keeping data safe is no longer just a concern for large corporations. At CensorNet we believe in providing affordable multi-factor authentication technology to any business, regardless of size.

Regardless of whether you are replacing a current user authentication solution or implementing user authentication for the very first time, you will benefit from a cost-effective solution that ensures your employees can easily and safely access corporate networks and applications remotely.

Understanding the buzzwords

The IT industry is riddled with buzzwords, and user authentication is no different. The industry also evolves so fast that it can be difficult to keep up. To make your research easier we have compiled a list of words and abbreviations that you are likely to encounter:

Keyfobs = Hardware tokens
Old school form of user authentication developed in the 80s to protect against basic threats like keyloggers.

HINT: This is bad, because the passcodes are all pre-issued from a seed file. Your users will hate having to carry something extra, your IT team will hate the management, distribution and cost of the tokens, and most importantly they are vulnerable to even basic phishing attacks.

Soft tokens = Software tokens
An evolution of the hardware token, but where the passcodes are delivered to a mobile device. 

HINT: This is bad, because although more convenient, the soft tokens such as Google Authenticator or Microsoft Authenticator are based on the same use of pre-issued passcodes.

OTP = One-time passcodes
Passcodes used by users in combination with their password at the point of login. 

HINT: This is good since the passcode can only be used once.

TOTP = Time-based one-time passcodes
A term typically used by hardware authentication providers where codes are valid for a certain period. 

HINT: This is bad, because unless tied to the session ID the codes can be used on any given device together with the right password.

HOTP = Event-based one-time passcodes
These passcodes are typically used by hardware authentication providers where the codes are triggered by an event, i.e. the push of a button on the token.

HINT: This is bad, and does not provide your organization with the right level of security to safeguard against modern threats.

OOB = Out-of-band
This is when two separate networks are used simultaneously to authenticate the user. 

HINT: This is good, and most multi-factor authentication solutions today are OOB.

SMS-based authentication
A method of authentication where an OTP is sent to the user via SMS. There are many forms of SMS-based authentication. CensorNet uses real-time SMS-based authentication where the code is challenge-based and session-specific. Other vendors typically send pre-issued passcodes as SMS which is less secure. Vendors that struggle to deliver the OTPs in a timely fashion will typically use a form of SMS-based authentication where the OTPs are delivered in advance of the login, which negatively affects the user experience. 

HINT: Insist on modern SMS-based authentication that is real-time, challenge-based and session-specific, and make sure there are automatic failover options in place like voice-call, app or email to ensure that users can always rely on the OTPs arriving. 

Challenge-based authentication
Challenge-based authentication means the passcode is not generated until the user’s credentials have been validated. 

HINT: This is good, and enables you to generate OTPs in real-time, which raises security significantly.

Session-based authentication
If your authentication solution offers session-based/session-specific protection, then each OTP generated is tied to the individual login session ID, meaning it is ONLY valid for that particular login. 

HINT: This is good, and helps secure access against more advanced cyber attacks.
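The properties described under "Challenge-based", "Real-time solution" and "Session-specific passcodes" above, and in the two glossary entries just before this point, can be shown in a few lines. This is an added example, not CensorNet's code: the class name, the 120-second validity window, the three-guess limit and the use of an HMAC to store the code are assumptions.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 120  # assumed validity window, not a CensorNet value
MAX_ATTEMPTS = 3       # assumed guess limit per challenge


class OtpChallengeStore:
    """Issues an OTP only after the password check and binds it to one session."""

    def __init__(self, clock=time.monotonic):
        self._key = secrets.token_bytes(32)  # server-side MAC key
        self._pending = {}  # session_id -> [mac, expires_at, attempts_left]
        self._clock = clock

    def _mac(self, session_id, otp):
        # The session ID is part of the MAC input, so a code only matches its own session.
        return hmac.new(self._key, f"{session_id}:{otp}".encode(), hashlib.sha256).digest()

    def issue(self, session_id, password_ok):
        if not password_ok:
            return None  # challenge-based: no code exists until credentials validate
        otp = f"{secrets.randbelow(10**6):06d}"  # CSPRNG at login time, no stored seed
        self._pending[session_id] = [self._mac(session_id, otp),
                                     self._clock() + OTP_TTL_SECONDS, MAX_ATTEMPTS]
        return otp  # handed to the delivery channel (SMS, app, voice, email)

    def verify(self, session_id, otp):
        entry = self._pending.get(session_id)
        if entry is None:
            return False  # no open challenge for this session (or already consumed)
        if self._clock() > entry[1]:
            del self._pending[session_id]  # expired
            return False
        if hmac.compare_digest(entry[0], self._mac(session_id, otp)):
            del self._pending[session_id]  # single use: a replay finds nothing
            return True
        entry[2] -= 1
        if entry[2] <= 0:
            del self._pending[session_id]  # guess budget spent: challenge is void
        return False
```

A code intercepted in transit is useless from any other session, and the guess limit is what keeps a six-digit code from being brute-forced inside its validity window.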

Contextual information
Also referred to as contextual intelligence, this is the context around each login that helps determine the level of trust at the point of login. Examples include session ID, GEO location, time, system being accessed and login behavior.

HINT: This is good, because it enables a more intelligent form of user authentication and contributes to both stronger security and higher user convenience.