Security Customer Authentication and 2FA Tools for Your Business

As time goes by, online security becomes vital for a growing number of industries. Our gadgets bring convenience to our routines but make us more vulnerable to attackers. But we don’t have time for negative thinking, and we’re going to prove to you that any business can fight malware threats.

As people store lots of private information on the web, the first thing worth discussing is customer authentication. How much do you really know about this popular means of protection? We’ve gathered some precious pieces of knowledge for you as well as a list of handy tools to use in practice.


What Do CA and 2FA Mean for Your Business?

No matter how long we have to go to the finish line, it’s always better to start with simple definitions.

Customer authentication is the process of confirming a user’s identity by passing their credentials to the machine. We all know this good old method and have learned to manage our numerous passwords and logins. But stealing a password is like a walk in the park for an attacker, and that’s where 2FA comes in.

Strictly speaking, this protection method appeared quite some time ago – in February 2011, Google announced two-factor authentication (2FA) as a new security layer for its users. MSN and Yahoo went the same way very soon.

This term has lots of variations: “strong customer authentication”, “two-factor authentication”, or more generally “multi-factor authentication”. In any case, it means that the user should have something really personal to confirm his identity (for instance, a smartphone). Usually, technicians say that 2FA requires something you know (a password and a login) and something you have (a device).


By providing your app with strong customer authentication, you protect users from social engineering attacks and secure weak credentials. So it’s no wonder that this method is widely used in the banking sphere (but not only there).

The costs of cyber attacks rise very fast each year. For instance, in the USA alone, the cost of cybercrime reached $21.22 million in 2017.

[Chart: Average annualized cost of cyber attacks on companies in selected countries as of August 2017. Source: Statista]

This is the reason why more companies prefer spending their money on solid security instruments, which eventually influence their reputation on the market. By the way, let’s see what your users might think about the cybersecurity issue.

[Chart: How important do you consider cybersecurity to be? Source: Statista]

This chart proves once again how important security is, whether in your real or your virtual life. You should agree that implementing two-factor authentication is one of the keys to the loyalty of your employees or final customers, so it would be a mistake not to use it.

How Does Strong Customer Authentication Work?

The easiest and most popular way to use 2FA is via a secret code that is sent to the mobile device. In the United States, this method has been on top since 2010 (even before Google officially announced its 2FA).

[Chart: Share of Internet users in the United States who use two-factor authentication in 2010 and 2017, by method]

When creating an account with 2FA access, you provide your phone number. So, there are basically three fields that a user should fill in:

  1. A login name.
  2. A password.
  3. A two-factor authentication code from the SMS.

The code you get is always a unique combination of numbers, unlike your password. Nowadays, an SMS is sometimes replaced by biometric data such as your face or fingerprint.


Two-factor authentication usually doesn’t take place every time you enter an app. Depending on how sensitive the data stored in the app is, it may trust your device for 30 days or a year. Some services let users manage the secret code settings: you can allow a service to trust your current device or not.

But at this point, you should know that your business has a lot more options than access via SMS – choose what feels right for your goals.

Strong Customer Authentication Methods for Your Business

If at this moment you’re not ready for sophisticated two-factor solutions, the best option for your business is to choose one-time passwords. They wouldn’t require dealing with biometrics but you still have a wide choice of tools.

SMS

We’ve just discussed this method, and its workflow is pretty simple to understand.
Pros: As this option is the most popular, any mobile user knows how it works, and access via SMS would be cost-effective for your company.
Cons: The only way to lose access is to lose the phone, which means that the SMS method makes private data vulnerable when a device is stolen.

Email

It is pretty much the same as the SMS method, but this time, users need access to another account – their email.
Pros: A personal electronic mailbox can be opened from any device, so you’re not tied to a smartphone. Plus, emails are also cost-effective for businesses and understandable for users (there’s hardly anyone who doesn’t have an email address of their own).
Cons: If we talk about inconvenience, we all know that emails are not always delivered on time. As for threats, email accounts are easy to steal, and then the attackers will be able to get the secret codes.
 

Voice call

This is a less popular option, but it’s sometimes used by enterprises. In this case, a user gets a call on their phone and hears a two-factor authentication code read out by a text-to-speech service.
Pros: Receiving a call is even more habitual for customers than texting, and there’s no need for a data connection.
Cons: Again, you must have a smartphone by your side to complete authentication. And nothing’s perfect – calls can be forwarded or intercepted by hackers.

Hardware tokens

This solution is used by companies whose employees need the highest security level. A person is given a physical device that generates secret codes.
Pros: No need for reception or an Internet connection – only a standalone device for each user.
Cons: This is the most expensive method among the non-biometric ones. Since an employee depends only on the token, there’s no chance to authenticate if the device is lost.

Software tokens

Instead of a physical object, users install an application on their computer or smartphone. The working principle stays the same – an app generates a code.
Pros: When an update is needed, it’s cheaper to update an app than a physical device. Apps are often easier to use, and patches can be applied at any time.
Cons: Any information on a personal device can be stolen by attackers. A software token can be hacked, and users won’t even know about it.
 

Push notifications

This method is also easy to understand, as we receive push notifications from lots of our apps. This time, it’s not about a password but about a small conversation – you answer “Yes” or “No” on your phone.
Pros: This connection between an app and the authentication process has a high level of security.
Cons: The risk of losing a phone is always there with any option that relies on a smartphone.
 
No one knows your employees or customers better than you do. If you work with an older audience, there’s no need to implement sophisticated solutions. If your company deals with a large amount of private data, consider spending more on a proper level of protection.

The 3 Most Popular 2FA Solutions for Enterprises

The safest way to begin the 2FA experience is to use ready-made tools that already exist on the market. We’re going to review three of them, but you can find many more. Let’s see what set of features such tools usually have and how your enterprise can benefit from them.

1. SAASPASS

Pricing: it depends on the goals of two-factor authentication. If you use it for employees, the price varies from a free model up to $6 per employee/month. If you have an app for a wide audience, you can also pick a free or a paid model – it is up to $3 per user/year.

What’s so special:

  • Many options for protection. In addition to the methods we’ve discussed above, you’ll be free to choose more complex options like Touch ID support.
  • Recovery. It is easy to recover an ID if your device is lost and the password is not shared with other devices.
  • VPN is followed by 2FA. It means that your VPN can be safer, relying not on one static password but on dynamic two-factor authentication codes.

2. Entrust IdentityGuard

Pricing: the exact price should be confirmed with the sales department of the company.

What’s so special:

  • Easy experience for end users. Although this tool has lots of security options, end users won’t be confused by a large number of credentials needed to access an app – the number is reduced for smooth usage.
  • Lots of authentication methods. No matter what you opt for – a usual one-time password or hardware tokens – Entrust can handle it.
  • Easy integration. The tool is built to meet all the needs of your business, and you can begin as soon as possible, as the IdentityGuard API was created for quick and tight integration.

3. Azure MFA

Pricing: depending on the model you choose, the price can be $1.40 per month for unlimited authentications or $1.40 per 10 authentications.

What’s so special:

  • Monitoring and reports. Azure takes care of all inconsistent sign-in issues thanks to constant monitoring. Plus, your team will get real-time reports to trace any suspicious behavior.
  • Integrating with Office 365. Any Office 365 apps used at your company will also be protected at no additional cost to you.
  • The highest security level. Azure is famous for using the best practices and highest standards to provide all customers with high-quality services.

Safety Continues Your Business

New malware reports show an increasing number of threats for both enterprises and individual users. Technical geniuses haven’t invented an ultimate weapon to fight this problem, but what we know for sure is that mobile app protection is much cheaper than healing your business after an attack.

Where should you start? Choose a protection method and find a team with trustworthy expertise. At TecSynt, we’re fond of solid software security because this is the sturdiest brick in the app’s reputation.
