With an increasingly mobile and digital workforce, how do you ensure the security of employee and customer data? The rise in cyberattacks on corporate networks has made customer data more vulnerable to hacking. It has necessitated the need for companies to have adequate measures in place to provide secure remote access to their customers and employees.
Today, most companies use either SSL VPN or IPSec to secure the remote access. However, this does not address the authenticity of the remote users. 2-factor authentication (2FA) is an industry accepted solution for remote user authentication. It provides an extra layer of security by sending a one-time password (OTP) to users via SMS on their web app or mobile device thereby minimising the risk of potential cyberattacks.
Why is 2FA important?
Passwords, even if they adhere to best practices, are not fool proof in preventing adversaries from hacking into confidential digital platforms. Cybercriminals can use tactics such as phishing sites and social engineering to obtain passwords and exploit victims of their sensitive personal data.
2FA, which requires two different keys before users can log into their accounts, decreases the chances of cyberattacks significantly. These keys are often time sensitive, and expire after a set period of time, ensuring that unique keys are used at every login attempt, further reducing the risks of an account takeover.
SMS One Time Password (OTP) is a common setup for many 2FA systems. This typically involves users keying in their password into the account, then putting in the OTP they received through SMS into the login process before they can access their account.
The sendQuick ConeXa platform has equipped clients with secure remote access via 2FA using SMS OTP, and using a mobile soft token as well. It is an ideal solution for companies seeking low-cost and seamless 2FA implementation. It comes built-in with a server with OTP generator capability and sends it across via SMS. It also supports soft token OTP, supporting any st andard SHA-256 soft token.
End-users need not have access to the password via any devices, apart from their mobile phones. sendQuick ConeXa integrates well with your organisation’s Active Directory or RADIUS, and can support multiple SSL VPN sessions as required.
With sendQuick ConeXa, even if a hacker gained access to a user’s login credentials, an additional password is sent to the user’s mobile phone to further verify the user’s identity. The additional password sent out is for one-time use only and will expire depending on the time settings inputted into the one-time password generator.
We’ve successfully helped customers across various industries to develop a 2FA system to secure their systems. Read more from one of our case studies here.