Two-factor Authentication (2FA)

The password alone is not enough to identify a user in the twenty-first century. LogonBox products have extensive support for many types of authentication to ensure that your user’s identities are confirmed using a mechanism in line with your security policies.
Accenture use LogonBox for password resets

Supported 2FA Factors

duo securitysaml authenticationRSA secureIDyubikey securitymicrosoft-authenticatorgoogle authenticator

Duo Security

SAML Authentication

RSA SecureID

Yubikey Security

Microsoft Authenticator

Google Authenticator

radius authenticationSMS authenticationLogonBox authenticatorwebauthn authenticationemail authenticationq&a authenticator

Radius Authentication

SMS Authentication

LogonBox Authenticator

WebAuthn Authentication

Email Authentication

Secure Q&A

How does each 2FA option stack up?

LogonBox product’s support many authentication types. Here we provide not only the list of supported authentication factors, but provide our opinion on the security, administration and ease of use of each type of authentication.

Yubico
USB Hardware Device
Security
Administration
Usability

USB security keys that provide passwordless strong authentication for two-factor and multi-factor authentication.

“A very strong second-factor with good compatibility; requires up-front investment and distribution of hardware keys to end-users.”

WebAuthn
Browser + USB Device
Security
Administration
Usability

WebAuthn is a web standard and protocol that enables strong authentication of web applications through the use of public-key cryptography on hardware tokens.

“Another very strong second-factor; up-front investment and distribution of hardware required with slightly more complex configuration for the user when compared to direct Yubikey support.”

LogonBox Authenticator
Mobile Application
Security
Administration
Usability

LogonBox’s own 2FA solution that provides a secure log in option using modern public-key cryptography and a unique swipe me in action.

“Included as part of any LogonBox product; Flexible configuration with an option to require biometric response.”

Q&A
User Secret
Security
Administration
Usability

Setup user authentication by requesting an answer from a set of pre-defined questions that they have previously provided answers to.

“A tried and tested solution but not the most secure method available and subject to the usual problems associated with user secrets and passwords.”

Email OTP
Trusted Message
Security
Administration
Usability

Email the user a random one-time password to their primary or secondary email account.

“A good compromise between administration and security. Not a suitable solution if the users email account is protected by their Active Directory password.”

SMS OTP
Trusted Message
Security
Administration
Usability

Send an SMS message to the user’s mobile phone containing a random one-time password.

“A great way of delivering one-time passwords but can be subject to mobile network issues.”

Duo
Mobile Application
Security
Administration
Usability

If you have already invested in an existing 2FA solution like Duo, you can uiltise this in any of our authentication flows.

“A great solution for when you have already invested time and effort to deploy with other services.”

Google Authenticator
Mobile Application
Security
Administration
Usability

The Google Authenticator mobile app uses the TOTP protocol to generate time-based one-time passwords.

“Requires no network communication during authentication, just read the current password and enter at the prompt.”

Microsoft Authenticator
Mobile Application
Security
Administration
Usability

The Microsoft Authenticator mobile app uses the TOTP protocol to generate time-based one-time passwords.

“Another great TOTP solution compatible with Google Authenticator.”

PIN
User Secret
Security
Administration
Usability

A small numeric password of fixed length that the user would present. This would not be typically used on its own, but in-front of another authentication factor.

“In the end a PIN is just a numeric password. Easy for users but don’t use without an additional factor.”

reCaptcha
Mobile Application
Security
Administration
Usability

Google’s “are you human” authenticator which presents a “I’m not a Robot” and other prompts to ensure users are real users and not bots.

“Not really an authentication factor, but certainly helps to ensure bots and scripts are not trying to brute force your server.”

RADIUS
External Authentication
Security
Administration
Usability

Authenticate against any server supporting the RADIUS protocol. This legacy protocol lives on and still has some relevance when used correctly.

“When used to support real hardware tokens like RSA SecurID it’s a very secure factor.”