By Vince Lujan. Posted June 4, 2019.
Two-factor authentication (2FA) is one of the most critical investments that an IT organization can make with respect to security. With identity compromises being the leading cause of breaches, it is no wonder that 2FA competition is fierce.
However, not all 2FA competitors are created equal. So, it is essential to determine how 2FA fits into your overall identity management strategy before you choose a vendor. In order to do that, let’s take a closer look at the 2FA category as a whole.
2FA is a secure authentication mechanism that adds an extra layer of security to the user authentication workflow. Essentially, a user must input a 2FA token in addition to their core username and passphrase.
The 2FA token creates the second authentication factor—usually generated by an application on a smartphone or perhaps delivered through a USB keyfob. Solutions such as Google Authenticator, Microsoft Authenticator, YubiKey, and Duo Mobile are examples of 2FA token generators.
Adding a second factor to the user authentication workflow is an effective way to protect an organization’s infrastructure. By implementing 2FA, admins can ensure that the authentication process is secure even if the core user identity has been compromised.
When to Use 2FA
2FA has a number of use cases in modern IT environments. For example, 2FA can be applied to systems, servers, applications, and networks—both on-prem and in the cloud (depending on the provider).
When to use 2FA really depends on your environment. But, when you consider that compromised identities are the leading cause of data breaches, it is recommended that you enable 2FA wherever possible.
Of course, the challenge here is that not all IT resources support 2FA. Additionally, 2FA functionality can be limited depending on the environment. So, it’s important to balance security with convenience.
The good news is that a cloud directory service called Directory-as-a-Service® (DaaS) is integrating 2FA into macOS and Linux system access, application access via a web-based portal, and now with the RADIUS protocol for VPNs.
In doing so, IT admins have the flexibility to determine when and where to enable 2FA with the convenience of the cloud. So, how does 2FA with DaaS work?
2FA with DaaS
JumpCloud® Directory-as-a-Service is a next-generation cloud identity provider (IdP) that distills what was once an entire ecosystem of identity and access management (IAM) solutions into one comprehensive, cloud-based platform. 2FA functionality comes standard, which enables admins to enforce 2FA for systems, servers, applications, and networks—including WiFi and VPN.
The key advantage with the DaaS approach to 2FA is that IT admins can manage and enforce 2FA throughout their cross-platform environment while eliminating on-prem hardware. In effect, admins no longer need to implement an on-prem IdP, then layer a third-party 2FA solution on top of it.
Rather, 2FA is but one of many features of the overall DaaS platform, which is delivered as a service. With JumpCloud, admins can securely manage and connect users to virtually any IT resource, provide an extra layer of security for all of their resources that support 2FA, and manage it all remotely from anywhere in the world.
Learn More About 2FA Competition
Sign up for a free account to see how JumpCloud Directory-as-a-Service stacks up to the 2FA competition. The full functionality of the DaaS platform, including 2FA, is free for up to ten users. Contact the JumpCloud team if you have any questions.