Patrick Townsend and I had a chance to catch up at COMMON earlier this year. I was psyched to learn that Townsend Security is now offering Two Factor Authentication (2FA) for the IBM i.
When we started talking about the beauty of pairing SSO and 2FA for authentication, my security geek-meter spiked big time!
It didn’t take us long to figure out that we should get together to present a webcast on combining SSO and 2FA. If you missed it, you can view the recording here. It’s well worth the 40 minutes if I do say so myself.
Here’s why I’m so excited about SSO + 2FA.
- SSO significantly reduces costs. It makes end users more productive and nearly eliminates the wasted time and support calls due to password issues. Plus everyone who uses it loves it, and they love IT for giving it to them.
- 2FA, on the other hand, significantly reduces risk by requiring an additional layer of security for sensitive applications or data. BUT, it does it using “something you have” or “something you are” rather than “something you know” so that it doesn’t slow down authorized users. (The Townsend 2FA solution uses a cell phone for the second factor. You can receive either a text message or a voice call telling you a code you need to enter when prompted.)
When you put SSO + 2FA together, you lower security costs and make it really easy for authorized users to authenticate themselves, while at the same time establishing a massively difficult barrier for unauthorized users to overcome.
Think about it.
A second factor would likely have prevented most of the high-profile attacks we’ve learned about in the last six months. Knowing a userID and password would no longer be enough. You must also have access to a physical device (a cell phone in this case) known to belong to the person represented by the userID and password. This makes remote attacks by bad actors in Uzbekistan nearly impossible, assuming the technology is implemented correctly by the customer – that is, there are no ways to avoid the second prompt.
From a business perspective, “good” security is a function of cost and risk.
Security = ƒ(cost,risk)
This means that security can be improved by lowering the cost of managing risk or by reducing the amount of risk to be managed. When you combine SSO with 2FA (assuming a reasonable price), you do both! The combination markedly improves a company’s security posture. It’s also powerful for regulatory compliance.
I’m most excited about the offer Patrick Townsend announced at the end of our webcast. Townsend Security will provide a perpetual license of their 2FA solution, free, to the first 10 companies that view the webcast and who also sign up for the SSO stat! service from Botz & Associates. Those who qualify for the offer will receive all the benefits of 2FA and plus the fast implementation, on-going support, and free consulting for any questions related to authentication which are all provided by the SSO stat! service.
If this might be of interest to you, I strongly encourage you to watch the webcast replay and contact us for details.
If you do watch the webcast, I’d love to hear your thoughts and opinions. You can either comment on the blog post or send me an email at botz@botzandassociates.com.
