Multi-Factor Authentication

The easy access the internet has brought into our lives has also brought many security risks that need to be taken into account. The convenience of performing critical operations from miles away in a matter of seconds can turn into a threat when, through simple mistakes, personal information falls into the hands of untrustworthy individuals. Although communication protocols become more secure every day, it is still not possible to eliminate the end user's vulnerability when sharing critical information.


Multi-Factor Authentication (MFA)

What is MFA?

Multi-Factor Authentication (MFA) is the ability to build layered authentication mechanisms that use a person's information, digital identities, or inherent unique characteristics as factors. Temporary, dynamically generated passwords are transmitted through personalized communication channels to prevent unauthorized access. Multi-Factor Authentication prevents unauthorized access with a success rate of 99.9%.

How Does MFA Work?

Control can be enforced by chaining multiple factors one after another in the identity verification steps, but too many steps degrade the user experience. In common use, two-factor authentication (2FA) is preferred. The first stage of authentication is completed with knowledge-based verification using the known password. The second stage is performed with the dynamic one-time password (OTP) transmitted to, or generated by, the device. Biometric characteristics can be verified to gain access to the password generated on the device. Thus, all possible types of authentication are tested.

1st Step Authentication

The first step of the authentication process is to query the username and password information that the user has previously created. In this step, the user to be queried can be a locally defined user on the SecTrail MFA server or user information hosted on independent remote authentication servers.

The most common usage is querying the user information stored in Active Directory/LDAP servers. It is also possible to authenticate user records hosted in external databases. SecTrail MFA acts as a proxy server for remote authentication servers, allowing multiple products to be authenticated from a single server.

2nd Factor Authentication

The second step of the authentication process requests a time-based or hardware-based dynamic password from the user who has successfully passed the first step. How this password is generated depends on the configured authentication method.

  • SMS method: The temporary password generated on SecTrail MFA is sent by text message to the user's phone number, which is obtained dynamically from their authentication sources.

  • SoftOTP method: The user registers with SecTrail MFA to be able to generate synchronized temporary passwords. Registration is done by installing the SecTrail Authenticator app on their mobile device and scanning the QR code generated specifically for them on the SecTrail MFA platform. Once registration is complete, they can generate temporary passwords synchronized with the authentication server even without internet access.

  • Hardware key method: SecTrail MFA can provide authentication using temporary passwords generated with hardware keys when the use of mobile devices is not desired.

  • E-mail method: Generated one-time passwords can be delivered via email.

  • Push notification method: A notification is sent to the SecTrail Authenticator application installed on the user's mobile device. If the notification is approved, the authentication is completed.
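
How an app and a server can produce the same temporary password offline, as in the SoftOTP method above, shown as an added example that is not SecTrail's code. The page does not name the algorithm, so this assumes the standard TOTP scheme of RFC 6238 (HMAC-SHA1, 30-second step, 6 digits); `verify`, `drift` and `last_counter` are hypothetical names.

```python
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds per code (RFC 6238 default; an assumption, not from the page)
DIGITS = 6   # code length (assumption)


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: float, digits: int = DIGITS) -> str:
    """Code the app shows at time `now`; needs only the shared secret and a clock."""
    return hotp(secret, int(now) // STEP, digits)


def verify(secret, submitted, now, last_counter=-1, drift=1):
    """Server-side check. Returns the matched time counter, or None on failure.

    drift: number of time steps of clock skew tolerated on either side.
    last_counter: highest counter already accepted for this user; codes at or
    below it are rejected so a code that was observed cannot be replayed.
    """
    current = int(now) // STEP
    for counter in range(current - drift, current + drift + 1):
        if counter <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret, counter).encode(), submitted.encode()):
            return counter
    return None


if __name__ == "__main__":
    secret = b"12345678901234567890"  # constructed sample (RFC 6238 test key)
    t = time.time()
    code = totp(secret, t)
    accepted = verify(secret, code, t)
    print("code", code, "accepted at counter", accepted)
    print("replay result:", verify(secret, code, t, last_counter=accepted))
```

The server stores the returned counter per user and passes it back as `last_counter` on the next attempt.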

How to Use MFA?

Multi-factor authentication is structurally supported by the RADIUS protocol. SecTrail MFA can provide multi-factor authentication integrated with all applications that support authentication with the RADIUS protocol.

Thanks to its web service support, SecTrail MFA also enables authentication via REST API.

It can provide multi-factor authentication for a wide range of products such as VPNs, firewalls, load balancers, virtualization platforms, web applications, operating systems, and more.
