Log into your Symantec Endpoint Protection Cloud services securely without ever having to remember passwords on both your computer and mobile with SAASPASS Instant Login (Proximity, Scan Barcode, On-Device Login and Remote Login). Although I know there will be some that do not get this message and will try and use it in that context anyway. Secure access to Symantec Endpoint Protection Cloud with SAASPASS multi-factor authentication (MFA) and secure single sign-on (SSO) and integrate it with SAML in no time and with no coding. So all of you out there thinking the Council has approved of using two passwords as an approved multi-factor authentication solution need to think again. Therefore if you are using true two or three factor authentication your security is still effective. But if you also require either of the other two factors, the attacker may have credentials but they do not have those other factors needed to use those credentials. Why are two passwords not considered secure? An attacker only has to compromise your authentication system and they would likely have access to those two sets of credentials. Although those biometric factors are arguably much stronger than just two passwords. This holds true for using a fingerprint and an iris scan as those are also two items from the same category. It is using the same category twice which is not considered secure. Therefore using two passwords is not using factors from two of the three categories. Using a password with the token number and a fingerprint is three factor authentication. Using a PIN with a fingerprint is two factor authentication. Using only a password is single or one factor authentication. In order for multi-factor authentication to be secure, you must use one of the factors from each category, hence the terms one, two and three factor authentication. Inherence also referred to as ‘something you are’ such as a fingerprint, hand or voice.
Possession also referred to as ‘something you have’ such as an RSA SecurID or Symantec VIP token. Knowledge also referred to as ‘something you know’ such as a password or passphrase. Multiple factors of authentication are defined as: I have discussed this in a previous post, but I thought the time was right to discuss this topic again before QSAs start running into organizations trying to pawn off two passwords as valid multi-factor authentication. It is driven by the fact that the term typically includes stupid practices such as using two sets of credentials. The reason for all of this concern? It is because most of us in the information security profession dislike the term “multi-factor authentication”. This change resulted in some heated discussion in the Q&A session that followed their presentation. Even though the Council was very, very clear what they meant by multi-factor a lot of us have concerns about that terminology. During the recent PCI SSC’s presentation on the coming changes to v3.2 of the PCI DSS, one of those changes is the adoption of the term “multi-factor authentication” instead of “two-factor authentication”.