Being an information technologist in 2018 is apparently one of the most difficult jobs right now. Safely, one can presume that the ongoing reports of database and account breaches left and right has made this a bad time to be the man or woman in charge of enterprise-level security. As it is, it’s hard enough just managing personal security with bank accounts, credit cards and so on.
For anyone who’s kept with the news lately, however, there are bigger threats looming on the horizon right now. It seems like an almost-weekly ordeal that we now hear about major compromises occurring in businesses both large and small, and if this indicates a message of any value, our security tactics are growing old. The recent uptick in hacker activity has given people a run for their money whether it’s bank accounts that stay within the three-digit range or the seven-, eight- and nine-digit entrepreneurs who need advanced solutions to protect their estate.
One of the great problem-solvers stepping up to the plate right now is OneLogin, a dedicated connection mediator company that develops multifactor authentication (MFA) security solutions for app developers, software companies, cloud services, databases, devices and more. The effect of their service punches well beyond the bottom-rung implications of simple MFA tactics that are prolific across sites of every caliber these days; in-house security provisions are shown to be far less effective than OneLogin’s offerings on the whole.
Another project for the weekend? Here’s a sample Rails app that shows how to build a full custom login experience with MFA support and SSO from an apps dashboard. https://t.co/kpG8aPEgYx pic.twitter.com/ieFoGX9tma
— OneLogin Developers (@OneLoginDev) March 23, 2018
The Synergy
OneLogin’s approach to the security conundrum is unique not in its parts but the whole picture. As it happens, tossing a little single sign-on (SSO) choke-point protocol in with the out-branching layers of security offered by a cutting-edge MFA attack plan yields an immensely powerful barrier that’s impenetrable at every point but the front door — welcome sign and all. The unified sign-in approach yields several noteworthy benefits such as:
- Slimming down on the number of footholds for malicious users, easing security requirements and improving the safety of the protected domain
- Simplifying the sign-in process for staff members and field operatives who otherwise would have multiple devices, apps and portals needed to interact with a single company across a connection
- Amplifying the effectiveness of MFA, which can focus all of its authentication firepower on a single access point for users legitimate and malicious alike
Of equal importance is what the MFA aspect entails and what it can cover. Truthfully, there’s little that OneLogin can’t deal with by mixing and matching layers in a fine-grained and carefully measured approach. Their MFA system can be tweaked to provide a number of authentication methods, but the primary means that their IT experts recommend reduce down to four simple and uniquely potent checkpoints:
- SMS text authentication using ablative one-time passwords (OTPs) that skirt the dangers of permanent user-created access strings
- One-touch, instant-alert access notifications on the OneLogin Protect app that’s downloadable from the respective app store on the user’s device
- Downloadable certificates that mark the user’s device as an authorized agent in the system, providing an extra means of skipping the login process altogether for the legitimate user
- Non-technical security questions that rely on nothing but the user’s gray matter to fill in the blanks
The excellence in this setup rests on the fact that all frictional contact is made between the unified gateway checkpoints and users who are attempting to gain illegitimate access or otherwise impersonate a legitimate user; said legitimate user meanwhile has a fully lubricated experience when passing through the authentication portal using hardware, software, credential and knowledge markers that are nearly impossible for malicious entities to mimic or circumvent. The idea is to design an automated setup that consistently responds to the expectations of OneLogin’s system, allowing the user to only ever require a single login on a single portal.
The Expense Factor
The fact is, security breaches are expensive. Businesses that forgo the all-important coverage of their clients’ sensitive data on their servers underestimate black-hat hackers’ power to undo encryption with a little finagling to find the keys. Here are a few statistics to sober up the supine IT manager in us all:
- All company-related data breaches yield damages of a minimum $190,000
- About one-tenth of these breaches result in costs of almost a million on the bottom end
- Thirty-three percent of the polled businesses were found to have third-party connections of up to 25, each with their own vulnerabilities
- Another 10 percent yielded upwards of 200 or more such third-party connections, entailing high vulnerability to a breach
MFA systems are actually more common than most people realize. For example, many of you probably have smartphones that feature biometric scanners of some sort, either facial recognition or a fingerprint reader. You’ll also have a passcode that confirms your identity. When you perform a serious action with your device, like updating the software, you’ll be required to confirm your identity with your biometric scanner and passcode. In this case, the authentication factors are the possession of your fingerprint for the scanner and your knowledge of the passcode. Unless you have both, you won’t be able to use the device to its full capacity. These sorts of security measures are being adopted by major businesses who want to protect the data of their customers, and OneLogin is a top service provider in the field.
MFA is perhaps the first line of defense against hackers trying to access private user data so they can use it to steal what they can. A single password or authentication system is no longer acceptable in a world where a person’s identity can be easily stolen with a few key pieces of private data. OneLogin is sure to offer the protection that any business wants for its user data.
The OneLogin service includes a number of sub-services and tools that all work together to provide a seamless experience. One of its most basic authentication factors is the ability to generate single-use passwords that users can use to access the system. Of course, there are many other factors in the software, and it features a number of integrated factors from third party developers including RSA SecurID and Duo Security.
While it might seem as if the entire world is constantly tapped in to their smartphones, not everyone has access to such technology. This also makes it difficult for those users to conveniently use email. For those users, SMS authentication is something that OneLogin offers to help them confirm their identities quickly and easily. The OneLogin software will send an SMS message to the user requesting the single-use password, and that text will contain the password. This tool is also an ideal way to add a second layer of authentication to an existing tool for resetting a password.
Authentication via security questions is another option with OneLogin. You’ve probably dealt with security questions at some point, and the idea is the same here. A user selects the question they want to answer, and their answer is saved as a form of authentication for later use.
