As threats to password security have increased in recent years, multi-factor authentication (MFA) has rapidly gained popularity as a method for increasing the assurance of authentication for federal government networks and applications. MFA is important, as it hardens the cybersecurity around your agency’s network and the data it houses.
Breaches of sensitive data happen far more often than one might think. According to Forbes, “The Digital Shadows Photon Research team spent 18 months auditing criminal forums and marketplaces across the dark web and found that the number of stolen usernames and passwords in circulation has increased by 300% since 2018. There are now more than 15 billion of these stolen credentials, from 100,000 data breaches, available to cybercrime actors.”
As the name implies, MFA incorporates at least two separate factors. One is typically a username and password, which is something that’s memorized. The other could be something within a person’s possession or from their own biometrics. For example, a cellphone, keycard, USB, fingerprints, or an iris scan could all verify identity. Adding this secondary factor to a username and password protects an individual’s privacy and is remarkably easy for most people to set up.
Strengthening your federal agency’s cybersecurity posture
The main benefit of MFA is that it enhances your agency’s cybersecurity posture by requiring all users to identify themselves using more than just a username and password. While important, login credentials are vulnerable to brute-force attacks and can be stolen by third parties. Consistently incorporating MFA throughout government agencies’ networks is the smartest move to protect sensitive information and data. The key to adding multi-factor authentication on agency desktops is integrating a mature two-factor authentication (2FA) solution, like One Identity’s Defender solution.
Defender is an extension added to the user’s workspace that enhances security by requiring 2FA to gain access to network resources. It uses an individual’s current identity stored within Microsoft Active Directory (AD) to enable 2FA. Defender takes advantage of AD’s inherent scalability and security to eliminate the time and expense involved with setting up and maintaining proprietary databases. Defender’s web-based administration, user self-registration, and ZeroIMPACT migration capabilities ease implementation for administrators and users.
This software also uses hardware tokens that utilize their full battery life. It supports tokens ranging from key fobs, such as a YubiKey, to smartphones, which can be integrated with OneLogin on agency desktops.
How does Defender work?
Defender and OneLogin are supported only on Windows. Users must have Windows to follow the steps below and adopt MFA for a more secure login and better protection of sensitive data.
First, the user must set up an account with OneLogin that will integrate the Defender extension with their desktop, smartphone, or both, depending on preference. After this account is set up, the user enters their login credentials into OneLogin, where the platform is entirely customizable to whatever appeals most to the user, as seen above.
Once the user is set up with OneLogin and types in their credentials, OneLogin will send a prompt to the user’s phone notifying them that someone is attempting to sign in. As seen above, the user must click “Accept” and then use their biometrics through finger scanning to activate the sign-in and gain access.
Using Defender on desktops
Using Defender on desktops is fairly similar to the process of using it on a mobile device. The user must activate an account with OneLogin and the extension is added to their desktop.
After adding the extension to the desktop, the user will have the standard login on the home screen where they enter their login credentials. After this, another line will appear that allows the user to enter a passcode for the token or just type “push” to activate the push function of OneLogin Protect. The desktop login interface will support any token that’s registered to the user’s account with OneLogin.
Once the user enters their credentials, OneLogin will send a prompt to the user’s phone, where they have to accept and then use the finger scanner. Until the user accepts this prompt, the desktop login interface will pause and not allow sign-in. Access is granted only once the MFA prompt is fully activated and accepted, which protects the user from potentially malicious cyber criminals who are trying to gain access to their data.