User Permissions and Two Factor Authentication
A secure security infrastructure is built on the user’s permissions and two-factor authentication. They reduce the risk of accidental or malicious insider activities, limit the impact of data breaches, and ensure the compliance of regulatory authorities.
Two-factor authentication (2FA) requires a user to input credentials from two different categories to sign into an account. This could be something that the user is familiar with (passwords, PIN codes, security questions) or something they have (one-time verification code that is sent to their phone or an authenticator app) or something they actually possess (fingerprints or a face scan, or retinal scan).
2FA is usually a subset of Multi-Factor Authentication which includes more than two components. MFA is a requirement in certain industries such as healthcare as well as e-commerce and banking (due to HIPAA regulations). The COVID-19 virus has added a new urgency for organizations requiring two-factor authentication for remote workers.
Enterprises are living organisms and their security infrastructures are continuously changing. New access points are developed daily, users change roles, hardware capabilities evolve and complex systems enter the fingertips of everyday users. It is important to regularly evaluate the two-factor authentication strategy at regular intervals to ensure they keep up with the latest developments. Adaptive authentication is a method to accomplish this. It’s a kind of contextual authentication that creates policies based on time, location and when a login request is received. Duo provides a central administrator dashboard that allows you to easily set and monitor these types of policies.