Решения

It is well known that using passwords to enter your applications does not provide sufficient data security. It is estimated that 80% of passwords can be hacked within 18 minutes. Hackers can use phishing to crack password — more than 60% of users use the same password for different applications. Despite the fact that there are many methods of strong authentication, they are rarely used. The main reason is the myth of complexity and high cost of implementation of methods of two-factor authentication.

Blitz Identity Provider refutes that myth:

• You do not need to improve all existing applications in the organization — it is enough to use a single account with Blitz Identity Provider. Two-factor authentication will be provided by Blitz Identity Provider itself.
• You do not need to buy special devices for each user and do not need to spend money on SMS. Users can use their smartphones as authentication devices.
• It is not necessary to use common security policy for all users. With the help of the Blitz Identity Provider, each user will choose the authentication method that best suits him or her job: a hardware digital signature device (USB token or smart card), smartphone, personal U2F device, SMS.

Scenarios for two-factor authentication may vary depending on the purpose of the protected applications. Blitz Identity Provider allows you to use any of the possible scenarios:

1. Entertaining portals, news portal, social networks, internet stores

   • Users itself decide whether to use two-factor authentication to protect their account. It is important to provide users with a self-service interface in which the user can easily choose and enable the most appropriate method to protect the account.
   • The second factor is usually checked when a user logs into an account from an unknown device. The next time user log in from a known device, the user is not asked to enter the confirmation code again. Such a scheme is user-friendly and does not provoke users to disable intrusive protection.

2. Internet banking, personal cabinet offices for investment accounts

   • The use of two-factor authentication is determined by the organization’s security policy. Users are not usually allowed to disable protection on their account, but sometimes you allow them to configure more appropriate authentication method.
   • The second factor is checked always after a successful login and password check. With subsequent Single Sign-On redirect between applications within the current browser session, a second check of the second factor is not required.

3. Enterprise applications

   • The use of two-factor authentication is determined by the organization’s security policy. The policy may vary for different user groups and different applications. When accessing fulltime employees on working station, testing the second factor is not required. When privileged users access applications or epmloyee use remote access, the second factor is checked.
   • Verification of the second factor can be requested both when login or after with subsequent access to important applications within the current session. It is possible that user accesses several applications in a short time (several minutes) without having to repeat two-factor authentication so that the security measure is not excessively tedious.