Smartphones take center stage in two-factor authentication schemes

SecureAuth IdP wins test of 8 software-based authentication systems that deliver enterprise-level security

By David Strom, Network World
May 20, 2013 06:01 AM ET

Page 4 of 9

However, it doesn't currently support any non-Microsoft Web or SAML apps, which is a big drawback if you are trying to use a second factor for that purpose. It also comes with a nifty QR code generator, so you can point your phone at the screen to capture the code and quickly install the app on your phone.

Numerous reports, including authentication events and error events, can be customized and exported, too.

The cost for a 100-token configuration is $5,995, with 24x7 support extra. One nice feature is that this price includes an unlimited supply of tokens for each user. Celestix also offers two evaluation licenses: one for 100 users for 30 days, and one for 25 users valid for the entire year.

Microsoft PhoneFactor

PhoneFactor was one of the first to provide ordinary outbound voice calls as the second authentication factor: after you log in to a server that has been enabled with the software, it calls your phone number and asks you to press the # key to verify who you are. You can also have the server send an SMS text message or send a notification to a smartphone app.

The company was purchased last year by Microsoft, and the product will require deep knowledge of various Microsoft services and applications to set up. It comes with a Windows agent along with Web-based management service and user portal pieces. The agent runs on any Windows client or server from XP onwards; we tested it on a variety of machines. Other than the requirement that the machine run .Net Framework v2 or v3, it installed quickly.

But to really exploit its features, you will want to connect it to Active Directory, Microsoft's IIS and Terminal Services, and the Web services that you want to add extra authentication protection to. While there are wizards to help you set things up, you will still need to spend some time with dozens of configuration parameters that span the agent's menus along with entering parameters on the management Web portal.

PhoneFactor has an Active Directory synchronization service that will cross-pollinate its users with what is on AD, but chances are you don't have your users' mobile phone numbers entered into your AD store: you will need to have each of them self-register on the Web-based user portal to set this up. To set up a SAML link to a Web service, you use the Windows agent and swap site certificates to enable the trust relationship, or add code to your Web pages, making this one of the few products that can handle all three operational methods.

Debugging the Windows agent is excruciating: there are text configuration files to edit, check boxes to uncheck, and dozens of parameters that could trip you up spread across multiple menu screens. We came across one error in our configuration that took some help from PhoneFactor tech support: we would have never figured it out on our own.  

To delete users you need to use the Web-based management portal. This is also where you will find the various built-in reports. These can be downloaded or you can set up more than a dozen different usage reports to run automatically and be delivered on a schedule via email, a nice touch. Adding users can be done with the self-service user portal. Both of these portals are easy to use.