By Garret Grajek
COO, MultiFactor Corp.
One of the main pushbacks for VPN utilization of certificates has been the fear of leaving valid identity credentials (e.g., X.509 certificates) “behind” after a user utilizes a non-corporate machine.
In the real world this means:
“How does an enterprise grant a security credential to a VPN user when he is on a shared machine at an airport or on his brother-in-law’s laptop?”
Enterprises have for these purposes, been forced to deploy cumbersome and expensive solutions like hard tokens. (E.G., RSA SecureID and Vasco, VersiSign and other token-based solutions). At least with these solutions, the argument goes, nothing is left behind on the computer. The fact that these tokens are expensive, hard to deploy and an irritant to end-users, was, before now, just a pain that enterprises felt they had to swallow.
The day of “tolerating” this token pain is over.
MultiFactor has not only released a new version of SecureAuth™ that makes the certificate length as short as an hour – but has created a methodology to deploy these certificates to non-corporate assets.
The latest version of SecureAuth™ , 4.1, allows an enterprise to configure MultiFactor SecureAuth™ for (2) distinct lengths of certificates (See Diagram #1):
- Long Term Certificate (2 days - 10 Years)
- Short Term Certificate (1 hour - 48 hours)
Not only is the ability to configure (2) lengths of certificates, unique – but it is the ease of implementation where MultiFactor SecureAuth™ also sets itself apart. SecureAuth™ exposes to the administrators a web GUI that allows an enterprise to configure:
- - Which Registration Methods to utilize:
- Static Pin
- Which Directory to utilize for data storage/retrieval
- What informational messages to utilize
- Company logo and other “look-feel” options
THUS no specialized personnel are required to administrate the validity period of the SecureAuth authentication "token". (Try doing that with a hard token!)
The admin can choose the certificate to have an expiration of down to (1) hour. (See Diagrams #3 and Diagram #4)
Diagram #4 ->
(Click on Image to enlarge)
Because this is configured by the admin at the enterprise, the user simply has to choose whether he will or will not be using the computer again. If the user will be using the computer again – he/she simply checks the:
__ “Click here if you will be using the computer again”
If the user chooses NOT to click this option, he/she is issued a short term certificate. (See Diagram #5)
In summary, SecureAuth™ is a technological breakthrough where, now, enterprises can deploy secure, non-phishable, bi-lateral authentication that can be utilized on both corporate assets and non-corporate assets (kiosks).
Thus, there is no reason to deploy expensive and user-antagonizing one-time-tokens to end users – the new solution is here – SecureAuth™ for VPN and application authentication.
Garret Grajek is the COO and a co-founder of MultiFactor Corporation. He is a certified security engineer who has deployed 100s of security solutions while working for RSA, IBM, Cisco and others.