Two-factor authentication

Tools4ever's Self Service Password Management has always been available with a web interface, allowing users to reset their Active Directory passwords from an intranet or via the web. End-users reset their password by answering a number of simple, predefined questions. Although this has been widely adopted, mostly in educational establishments, many of our corporate customers have requested some form of two-factor authentication. On the 18th of February we released SSRPM Security Module, which adds two-factor authentication via email. Two-factor authentication (TFA or 2FA) means using two independent means of evidence to assert an entity's identity to another entity.

When a user logs onto the Active Directory domain for the first time following an SSRPM deployment, they answer a question set configured by the administrator and are also asked to supply a private email address. If an end user subsequently forgets their password, they can answer the challenge questions in the standard way. However, before they can reach the final stage and submit a new password, they must first enter the PIN emailed to their private address. This scenario illustrates the basic parts of most two-factor authentication systems: the "something you have" + "something you know" concept. Two-factor authentication already secures the web interface, but we intend to extend it further by enabling PINs to be forwarded to mobile phones by SMS. Watch this space for further information!
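A minimal sketch of the reset flow described above, as an added example that is not Tools4ever's code or SSRPM's implementation: the password change is refused until both the challenge questions and the emailed PIN have been passed. The class and callback names, the six-digit PIN, the 10-minute lifetime and the three-attempt limit are assumptions, not details from the post.

```python
import hashlib
import hmac
import secrets
import time

PIN_TTL_SECONDS = 600   # assumed lifetime; the post gives none
MAX_PIN_ATTEMPTS = 3    # assumed guess limit; the post gives none


class ResetSession:
    """One password-reset attempt (hypothetical model, not SSRPM code)."""

    def __init__(self, user, private_email, clock=time.time):
        self.user, self.private_email, self._clock = user, private_email, clock
        self.questions_passed = self.pin_verified = False
        self._salt = self._pin_digest = None
        self._expires, self._attempts = 0.0, 0

    def _digest(self, pin):
        # Keeps the plaintext PIN out of session state; expiry and the attempt limit stop guessing.
        return hashlib.sha256(self._salt + pin.encode()).digest()

    def pass_questions(self, send_mail):
        """Call once the challenge answers are verified; emails a fresh PIN."""
        pin = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, not random.randint
        self._salt = secrets.token_bytes(16)
        self._pin_digest = self._digest(pin)
        self._expires = self._clock() + PIN_TTL_SECONDS
        self._attempts, self.questions_passed, self.pin_verified = 0, True, False
        send_mail(self.private_email, pin)        # enrolled private address

    def submit_pin(self, pin):
        if not self.questions_passed or self._pin_digest is None:
            return False
        if self._clock() > self._expires or self._attempts >= MAX_PIN_ATTEMPTS:
            self._pin_digest = None               # expired or locked: dead PIN
            return False
        self._attempts += 1
        if hmac.compare_digest(self._digest(pin), self._pin_digest):
            self.pin_verified, self._pin_digest = True, None   # single use
            return True
        return False

    def set_password(self, new_password, apply_change):
        # Final stage: refuse unless BOTH factors were satisfied in this session.
        if not (self.questions_passed and self.pin_verified):
            raise PermissionError("challenge questions and emailed PIN required")
        apply_change(self.user, new_password)
        self.questions_passed = self.pin_verified = False
```

Here `send_mail` and `apply_change` stand in for the mail gateway and the directory password change, which the caller supplies.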

Single Sign On: regulating access cards

By now, many organisations are aware of the advantages of Single Sign On (SSO). Employees benefit from SSO because they only have to remember a single (complex) password rather than dozens of (complex) passwords, the IT department receives fewer password reset calls, and network security is enhanced, ensuring the organisation can meet auditing requirements.


Who’s speaking please?

The majority of calls received by the IT helpdesk need to be verified. After all, to protect the network, the helpdesk needs to be certain that the caller is who they say they are before it can grant access rights to applications. So, how can it do this whilst protecting each end-user's personal information?


Access Management and SOX compliancy/audits

We frequently deal with companies that have to be compliant with SOX regulations. This often has a big impact on the IT department, particularly with regard to managing access rights. We find that in these scenarios three very common issues tend to arise:


Password Synchronisation vs. Single Sign On

Clients often ask me to advise them on reducing the number of passwords end-users need to use in order to access their account and applications. Their first approach, in order to avoid multiple passwords, is usually to ensure that passwords are synchronised over different systems.


SSO: The new software that could be the answer to NHS data protection woes

Healthcare organisations such as hospitals and surgeries operate complex networks comprising various applications running on multiple systems. Users need to have access to multiple applications for e-mail, the helpdesk and patient data, etc. In order to comply with increasingly strict security requirements, staff must enter separate username and password combinations for each application.
