Two-factor authentication (2FA) deta
DETA-37-06e Two-factor authentication (2FA) DETA | March 2020

Introduction

The login into DETA is done with a user & password.
- For some authorities, access to the DETA system with user & password is not secure enough.
- A stronger authentication method is needed to access the documents in DETA.
- It is important that unauthorized users do not gain access, for example to the test reports, which may contain sensitive information.

To improve the security, it is proposed to use Two-factor Authentication (2FA).
- With this authentication, the user will have to complete two actions to gain access to the DETA system.
What is Two-factor authentication?

Two-factor authentication (also known as 2FA):
- It is a type of Multi-factor authentication (MFA).
- It is a method of confirming users' identities by using a combination of two different factors.
- So it requires the user to have two things to get into his/her account:
  1. Something that the user knows: user & password.
  2. Something that the user has/is: one-time password, USB stick, fingerprint…

Why should it be used in DETA?

Two-factor authentication is needed in DETA due to:
- RDW is requesting this secure method.
- The DETA system contains sensitive data.
- User & password is not secure enough nowadays.
- An unauthorized person can gain access to the documents easily by stealing the credentials.
- To increase the security of the DETA system and reduce the risk that an unauthorized third party accesses it.
First possibility: Google Authenticator (1)

Google Authenticator is a free app for smartphones that generates a new code every 30 seconds.

How does it work?
- Add an account in the Google Authenticator app using one of the following options:
  b) Enter a provided key
- a) or b) will be provided by the DETA system/administrator. It is a one-time action.
- The Google Authenticator app is then ready to generate a new code every 30 seconds.
- Once the user introduces the right user & password, the system will ask for the 6-digit code from Google Authenticator.
- The user has to introduce the code that is given by the app.
- If the code is correct, the user can access the system.

First possibility: Google Authenticator (2)

Use case:
1. Introduce the user & password (one factor)
2. Get the code in Google Authenticator
3. Introduce the code (two factor)
4. Login
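The "new code every 30 seconds" behaviour of Google Authenticator is the TOTP algorithm (RFC 6238), which is HOTP (RFC 4226) with the counter set to the current 30-second time step. The following is an added example written for this page, not code from DETA or from the authenticator app: it shows how the server side would generate and verify the 6-digit code and how the two-step login (first user & password, then the code) fits together. The shared key is the publicly documented RFC 4226 test key, the username and password are constructed demo values, and the one-step drift window and the stage names are choices made here, not DETA's configuration.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

# Constructed demo values (assumptions, not DETA's real configuration).
# The shared key is the RFC 4226/6238 test key "12345678901234567890",
# base32-encoded the way it would be handed to an authenticator app.
DEMO_SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()
DEMO_USERNAME = "demo.user"
DEMO_PASSWORD_HASH = hashlib.sha256(b"correct-horse").hexdigest()  # constructed

TIME_STEP = 30   # the app generates a new code every 30 seconds
DIGITS = 6       # the 6-digit code the system asks for


def hotp(secret_b32: str, counter: int, digits: int = DIGITS) -> str:
    """HMAC-based one-time password (RFC 4226) for one counter value."""
    key = base64.b32decode(secret_b32.upper())
    msg = struct.pack(">Q", counter)                 # 8-byte big-endian counter
    digest = hmac.new(key, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                       # dynamic truncation offset
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32: str, at_time: Optional[int] = None) -> str:
    """Time-based OTP (RFC 6238): HOTP with counter = floor(unix_time / 30)."""
    t = int(time.time()) if at_time is None else at_time
    return hotp(secret_b32, t // TIME_STEP)


def verify_totp(secret_b32: str, submitted: str,
                at_time: Optional[int] = None, window: int = 1) -> bool:
    """Accept the code of the current step and +/- `window` neighbouring
    steps (phone/server clock drift). Constant-time comparison so the
    check does not leak how many digits matched."""
    t = int(time.time()) if at_time is None else at_time
    step = t // TIME_STEP
    for drift in range(-window, window + 1):
        if hmac.compare_digest(hotp(secret_b32, step + drift), submitted):
            return True
    return False


def login(username: str, password: str, otp_code: str,
          at_time: Optional[int] = None) -> str:
    """The two-step flow from the slides: factor one (user & password) is
    checked first; only then is the 6-digit code checked. Returns "ok" or
    a string naming the stage that failed."""
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    if username != DEMO_USERNAME or not hmac.compare_digest(pw_hash, DEMO_PASSWORD_HASH):
        return "denied: user/password"
    if not verify_totp(DEMO_SECRET_B32, otp_code, at_time):
        return "denied: one-time code"
    return "ok"


if __name__ == "__main__":
    # Live demonstration: the current code, and the login flow with it.
    code = totp(DEMO_SECRET_B32)
    print("current code:", code)
    print(login(DEMO_USERNAME, "correct-horse", code))
    print(login(DEMO_USERNAME, "correct-horse", "000000"))
```

With the RFC test key, `hotp(..., 1)` is the documented value 287082, and `totp(..., 59)` gives the same code because 59 seconds falls in time step 1; a code submitted more than one step late is rejected. Keeping the drift window small matters: every extra step accepted gives an attacker with a stolen code more time to use it.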
Other possibilities (1)

Hardware tokens:
- It uses a real physical key.
- After the login with user & password, you will need to connect the token to the device from which you are logging in.
- Some devices require a PIN or fingerprint scan additionally.
- One popular hardware token is the YubiKey, a small USB device.

TANs (transaction authentication numbers):
- They are used by some online banking services as a form of single-use one-time passwords (OTPs).
- TANs are a second layer of security above and beyond the traditional single-password authentication.
- If the physical document or token containing the TANs is stolen, it will be useless without the password.
Other possibilities (2)

SMS-based:
- The service sends a text message containing a one-time code to the user's phone number whenever the user signs in.
- So if someone has your username and password for that account, they won't be able to sign into your account without access to your text messages.
- SMS-based two-factor authentication isn't considered ideal because someone could steal the phone number or intercept your text messages.