LogonBox products support many authentication types. Here we provide not only the list of supported authentication factors but also our opinion on the security, administration and ease of use of each type of authentication.
USB security keys that provide passwordless strong authentication for two-factor and multi-factor authentication.
“A very strong second-factor with good compatibility; requires up-front investment and distribution of hardware keys to end-users.”
WebAuthn is a web standard and protocol that enables strong authentication of web applications through the use of public-key cryptography on hardware tokens.
“Another very strong second-factor; up-front investment and distribution of hardware required with slightly more complex configuration for the user when compared to direct Yubikey support.”
LogonBox’s own 2FA solution that provides a secure login option using modern public-key cryptography and a unique “swipe me in” action.
“Included as part of any LogonBox product; Flexible configuration with an option to require biometric response.”
Set up user authentication by requesting an answer from a set of pre-defined questions that the user has previously provided answers to.
“A tried and tested solution but not the most secure method available and subject to the usual problems associated with user secrets and passwords.”
Email the user a random one-time password to their primary or secondary email account.
“A good compromise between administration and security. Not a suitable solution if the user’s email account is protected by their Active Directory password.”
Send an SMS message to the user’s mobile phone containing a random one-time password.
“A great way of delivering one-time passwords but can be subject to mobile network issues.”
If you have already invested in an existing 2FA solution like Duo, you can utilise this in any of our authentication flows.
“A great solution for when you have already invested time and effort to deploy with other services.”
The Google Authenticator mobile app uses the TOTP protocol to generate time-based one-time passwords.
“Requires no network communication during authentication, just read the current password and enter at the prompt.”
The Microsoft Authenticator mobile app uses the TOTP protocol to generate time-based one-time passwords.
“Another great TOTP solution compatible with Google Authenticator.”
A small numeric password of fixed length that the user would present. This would not typically be used on its own, but in front of another authentication factor.
“In the end a PIN is just a numeric password. Easy for users but don’t use without an additional factor.”
Google’s “are you human” authenticator, which presents an “I’m not a Robot” checkbox and other prompts to ensure users are real users and not bots.
“Not really an authentication factor, but certainly helps to ensure bots and scripts are not trying to brute force your server.”
Authenticate against any server supporting the RADIUS protocol. This legacy protocol lives on and still has some relevance when used correctly.
“When used to support real hardware tokens like RSA SecurID it’s a very secure factor.”