Bringing two-factor authentication (2FA) and Office 365 together
The challenges facing technology managers are evolving at an unprecedented pace, with digital transformation and security presenting new threats and risks every day. One of the greatest challenges is that these key areas tend to span multiple projects and often rely on a wide range of different technologies. Naturally, difficulties can arise where they intersect.
Looking at authentication
One of the main security issues facing businesses is Identity and Access Management (IAM), which is the ability to prove someone’s identity and ensure their access is limited to the data they have permission to view. A crucial element of any IAM strategy is the “I” – proving someone’s identity.
The traditional username and password systems that we have used for decades are proving to be ineffective in protecting systems and data. They are often compromised, which has led to the creation of two-factor authentication (2FA) as an extra layer of defence.
Two-factor authentication relies on users providing two pieces of information in order to access a system. These factors typically come from three categories: ‘something they know’, ‘something they have’ and ‘something they are’. The ‘something they have’ could be a randomly generated code that changes every few minutes, perhaps sent as a text message or generated by a key fob or a smartphone app. The ‘something they are’ might rely on a biometric tool like a fingerprint or facial recognition.
Cloud services change the security model
As businesses move systems towards the cloud, online services like Office 365 are becoming increasingly popular as they allow personnel to access company information from wherever they are in the world. But this convenience creates new challenges. IT departments no longer control where a user can access corporate documents. As a result, securing valuable corporate data requires a more robust approach.
There are a number of ways to implement two-factor authentication with Office 365, so technology managers should look for a flexible solution that supports both PKI cards and a user-friendly mobile app featuring push notifications. Your 2FA solution also needs to offer you the freedom to support new login and authentication methods as they are developed.
To streamline 2FA deployment and administration, look for a 2FA solution that does not require managing or synchronizing user passwords in the cloud, as this can compromise security. Also, look for a solution that allows you to use identities from your local Microsoft Active Directory. The idea is to lessen the administrative burden on the IT department – not to make life more difficult!
Bringing things together
When a good 2FA system is in place, a user trying to access Office 365 will be prompted to provide authentication via two factors. Factor combinations could include a PKI card in a PKI card reader plus a PIN; a one-time password generated by an OTP security token plus a static password; or a national electronic ID plus a biometric fingerprint. Or the user could be asked to open a mobile app – such as Nexus Personal Mobile – and confirm that a random picture shown there matches one in the target application. For users, this adds an extra step when they access systems. This is an important consideration and one that often receives scant attention. Before 2FA is enabled, it is vital to inform users about the changes being introduced and to ensure that IT managers have adequate support in place to assist users who encounter difficulties.
Remember to make at least two different authentication methods available to users, so that if one fails to work as expected, users can turn to the other one and still gain access. This is particularly important for staff who travel often. If they are in a location where they don’t have mobile phone connectivity, they are still likely to be able to access the systems they need to work by using another authentication method.
Published 11/4 2018