Usernames and Passwords Are No Longer Good Enough
Logging into most systems requires two things: a username and a password. If you know that information, then you most likely have what is needed to gain access. The issue with using only a username and password is that once anyone, including someone you do not know, has knowledge of your credentials, they can access the system, whatever it may be.
For many years, it has been recommended that, in addition to a username and password, another form of authentication be used to prove that you should be allowed to gain access. This second authentication mechanism is referred to as Two-Factor Authentication (TFA). You may also hear it called Multi-Factor Authentication (MFA) or a One Time Password.
As an example, let's assume you are accessing the VPN at your company. Without Two-Factor Authentication, you would just log in with your username and password. With Two-Factor Authentication enabled, after you provide your correct username and password, you would be prompted to enter a code, approve a pop-up on your smartphone, or enter a code that would be provided via an automated phone call. After the code is confirmed, you would be fully logged in.
To summarize, a best-practice way of authenticating is to use something you know (username and password) and something you have (your phone or a physical token). Over the last decade, configuring infrastructure and applications to utilize Two-Factor Authentication has become dramatically easier for IT departments.
Microsoft has a Multi-Factor Authentication product called Azure Multi-Factor Authentication that can be configured to deliver Two-Factor Authentication in four different ways. The Azure Multi-Factor Authentication service can send you a text message with a code that you must provide, call you on a preset phone number and provide you with the number, provide a rotating code in the Microsoft Authenticator smartphone application, or push a pop-up message to your smartphone for your approval. Azure Multi-Factor Authentication is available as a standalone product and is also included in Azure Active Directory Premium, Enterprise Mobility Suite, and Enterprise Cloud Suite.
Fortinet also has Two-Factor Authentication capabilities built directly into its FortiGate firewalls. A physical token or a smartphone application can be used to get a rotating code that serves as the One Time Password when connecting to a FortiGate SSL or IPsec VPN.
If you are interested in learning more about how Two-Factor Authentication could better protect your environment, please contact Thrive.