Create a hack-proof web page
Create a hack-proof web page Making your own website hack-proof
Applications with 2fa
How two-factor authentication protects cloud and SaaS services
Many companies use cloud and SaaS services to process personal data or sensitive information such as payment data. However, the responsibility for the security of this data remains with the company – not the provider. Nevertheless, two-factor authentication, an additional layer of security in proving the identity of all employees, often remains unused.
With applications such as Microsoft 365, Adobe Creative Cloud or the remote maintenance solution TeamViewer, even the smallest companies have now arrived in the cloud. But the majority of companies have still not recognized the value of secure two-factor authentication. This is the conclusion of a recent study by the SANS Institute. Even after the pandemic-related home-office mandate, 27 percent of respondents in the “SANS 2021 Password Management and Two-Factor Authentication Methods Survey” still said they had not yet implemented multi- or two-factor authentication. The reasons: For 38 percent of respondents, 2FA and MFA make life too difficult for users, while 25 percent believe strong user authentication is too difficult to implement. A dangerous fallacy!
Use Microsoft 365 securely with two-factor authentication
The important role that multi- or two-factor authentication plays for companies was demonstrated by Microsoft with explosive figures at the RSA Conference 2020 . The cloud giant processes more than 30 billion log-ins from more than a billion users every day. Month after month, about 0.5 percent of user accounts are compromised (over 1.2 million in January 2020). However, the likelihood of unauthorized people gaining access to an account drops dramatically when strong user authentication is used. For example, more than 99.9 percent of compromised user accounts were not secured via MFA, according to Microsoft engineers.
“Not using multi-factor authentication today is almost gross negligence,” also warns Alexander Siegelin, IT director at Kraftanlagen Group. In his company, about 1,600 employees regularly work with Microsoft products – more and more of them with Microsoft 365 and Microsoft Teams. When introducing two-factor authentication with time-limited one-time passwords (TOTP), however, the Kraftanlagen Group did not rely on the Microsoft Authenticator smartphone app, but on a hardware solution, the REINER SCT Authenticator.
- No use of private cell phones over which the company has no control
- Far more secure than an Authenticator app, as not vulnerable from the Internet
- Can be used in high-security areas where smartphones are not permitted
- Can be used in high-security areas where smartphones are not permitted
- Parallel use for business and private user accounts possible without any problems
And how much has the double security via two-factor authentication made life more difficult for users? Not at all: “We hardly had any queries about its use,” reports Siegelin. Even employees who don’t work on the PC every day only needed a one-minute video on how to use the authenticator. The Kraftanlagen Group now also uses two-factor authentication to log on to the social intranet – and a single sign-on (SSO) via Azure Active Directory is already in the pipeline.
Set up two-factor authentication in Microsoft 365
Both Microsoft 365 and Office 365 support multi-factor authentication for user accounts by default. Try it out: Setting it up via QR code is quick! Log in to office.com as usual and confirm the “More information” prompt with “Next”. In the first step of the setup, select the “mobile app” as the “authentication phone” and the option “Use verification code” as the login method before confirming with a click on “Setup”.
Now a QR code appears, which you scan either on the smartphone with Microsoft’s Authenticator app or via a hardware solution such as the REINER SCT Authenticator. Then select “Got It” on the PC and confirm twice with “Next”. Then, in the second step, enter the time-limited one-time password generated by the Authenticator to check your 2FA configuration. Finally, in the third step, enter a backup phone number such as your office number and confirm with “Next” and “Done”. The next log-in then already takes place via secure two-factor authentication.
Deploying and configuring multi-level authentication for employees and home workers, if necessary, is done by the company’s global administrator. In the Microsoft 365 Admin Center, he or she has the option of deactivating an outdated MFA on a per-user basis and converting all accounts company-wide to modern authentication. Depending on the license, policies for initiating MFA can also be used to configure (risk-based) conditional access, for example to take account of the user’s group memberships or the IP location information of the end device.
2FA security for the cloud and on-premises hardware
Just as with Microsoft 365 and Office 365, organizations and employees can use double security via two-factor authentication for a variety of other Internet services. Even securing the company’s own hardware – such as access to routers or NAS systems – is possible in this way. The following list provides a brief overview of the most important areas in which secure two-factor authentication with time-limited one-time passwords can be used:
- Applications: In addition to Microsoft's cloud-based solutions, two-factor authentication is also possible in Adobe Creative Cloud, Buhl Data Service's WISO tax applications, and other SaaS solutions.
- Remote Work: Company routers from AVM's Fritzbox series, VPN services such as ProtonVPN or VPN Unlimited, but also the Citrix Cloud for hosted desktops and apps support double security via 2FA and TOTP.
- Online storage: Dropbox and Strato HiDrive as well as self-hosted Nextcloud systems offer secure two-factor authentication as a log-in option. If additional data encryption is required, Boxcryptor also makes this possible.
- Team work: 2FA secures user accounts at Microsoft Teams, Skype and Zoom, but also access to the Kanban-based task management Trello or developer platforms such as GitHub or DevZone.
- Web presence: Here, content management systems such as WordPress or Cloudrexx, forum platforms such as the WoltLab Suite and social media accounts can be secured via 2FA, as can logins to web hosts such as Hetzner, Ionos or Cloudflare.
- Remote access: When remotely controlling and maintaining employee PCs via applications such as Anydesk or TeamViewer, two-factor authentication also provides an additional security feature for incoming connections.
- Back-up: Even back-up data is attacked by hackers, spied on and, in the worst case, deleted. 2FA secures access to company-owned NAS systems from Qnap or Synology, for example, as well as data backup solutions from Veeam.
- Email & Payments: For business customers, two-factor authentication is possible in this highly sensitive area with almost all well-known providers.
The REINER SCT Authenticator offers companies the highest level of protection for all these services. In contrast to an authenticator app on a smartphone, the hardware-based TOTP generator does not require an Internet connection and therefore cannot be attacked online. The pocket-sized device stores the electronic keys for up to 60 user accounts and generates the one-time passwords required for logging in precisely every 30 seconds.
More contributions
Cybersecurity on holiday
Cybersecurity on holiday Holiday time. Finally, relaxation. Away from work.
Qualifications of data protection officers
Qualifications of data protection officers A data protection officer ensures
Handling hacked emails
Handling hacked emails The e-mail is indispensable as a communication