Two Factor Authentication (2FA), sometimes called two-step verification or multi-factor authentication (MFA), is an authentication process in which the user has to provide two factors in order to gain access to resources.
Two-factor authentication (2FA) validates user identity with passwords and an additional layer of authentication like a security token or a biometric factor. miniOrange provides 15+ authentication methods to fit every need. OTP over SMS and Email, Mobile Authentication and Phone Verification are some of our popular authentication methods.
Passwords are everywhere: we use them to access our money, our communication, and even our social lives. At first, we used one password for everything, but that wasn’t good enough, so we started making our passwords more complicated with a combination of numbers, uppercase/lowercase letters and even special characters.
Some people even use password managers to organize dozens or hundreds of unique passwords. But no matter how complex your password or your password management system is, it is never enough to prevent account takeover, because all it takes is one simple phishing email or database breach and your password is out in the world. So, if passwords are impossible to protect, how do you protect your account?
That’s where two-factor authentication comes in. Two Factor Authentication or 2FA adds another method of identity verification in order to secure your accounts.
By combining your username and password with the second method, your access becomes more secure, and it becomes impossible for an attacker to get through even if they have your password.
The most common 2FA systems use a unique One Time Passcode, commonly known as an OTP, with every login attempt that you make. This OTP is tied to your account and is either generated by an authenticator app on a smartphone or sent to you by SMS or email.
miniOrange also provides a more modern and secure form of 2FA: a push notification on your smartphone. The push notification is sent to your registered smartphone, and in order to gain access to your account you have to approve that notification.
The authentication process using Two Factor Authentication (2FA) takes place in the following steps:
miniOrange supports a variety of methods for Two Factor Authentication (2FA). We support the following authentication methods, which ensure that you have secure access to your site.
There are multiple use cases where two-factor authentication is used. miniOrange provides solutions for various use cases; some of them are Two Factor Authentication (2FA) for VPN login, Two Factor Authentication (2FA) for Stripe and Two Factor Authentication (2FA) for Office 365 using Yubikey.
miniOrange provides Two Factor Authentication (2FA) on top of VPN authentication. This secures access to protected resources instead of relying only on the VPN username and password. To accomplish this, miniOrange uses the RADIUS protocol.
RADIUS stands for Remote Authentication Dial-In User Service; it is a client/server protocol that provides client authentication and authorization.
The RADIUS server is responsible for authenticating the users, while the RADIUS clients are the Network Access Servers (NAS), which authenticate users against the RADIUS server and grant or deny access based on the responses from that server.
The Two Factor Authentication (2FA) for VPN login takes place as shown in the above figure. If you take a look at the steps below you will get a clear understanding of how it happens.
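What "based on responses from the RADIUS server" involves on the NAS side, as an added example that is not miniOrange's code: the reply is checked against the shared secret (the Response Authenticator of RFC 2865) before its code is allowed to grant or deny access. It goes beyond the page in using the RFC 2865 packet layout; the function names, the sample secret, and the assumption that the second factor is requested with an Access-Challenge are illustrative.

```python
import hashlib
import hmac
import struct

CODES = {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
REPLY_MESSAGE, STATE = 18, 24  # attribute types from RFC 2865


def build_response(code, ident, request_auth, attrs, secret):
    """RADIUS server side: serialise a reply and authenticate it."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + auth + body


def parse_response(packet, ident, request_auth, secret):
    """NAS side: validate the reply before acting on its code."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, pid, length = struct.unpack("!BBH", packet[:4])
    if pid != ident or not 20 <= length <= len(packet):
        raise ValueError("identifier or length mismatch")
    body = packet[20:length]
    expected = hashlib.md5(packet[:4] + request_auth + body + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("bad Response Authenticator")
    attrs, i = {}, 0
    while i < len(body):
        if i + 2 > len(body) or body[i + 1] < 2 or i + body[i + 1] > len(body):
            raise ValueError("malformed attribute")
        attrs[body[i]] = body[i + 2:i + body[i + 1]]
        i += body[i + 1]
    return CODES.get(code, "unknown"), attrs


def nas_decision(code_name):
    """Grant only on Access-Accept; a challenge means 'ask for the next factor'."""
    return {"Access-Accept": "grant", "Access-Challenge": "prompt"}.get(code_name, "deny")


if __name__ == "__main__":
    secret, req_auth = b"constructed-shared-secret", bytes(range(16))  # sample values
    pkt = build_response(11, 7, req_auth, [(STATE, b"sess-1")], secret)
    name, _ = parse_response(pkt, 7, req_auth, secret)
    print(name, nas_decision(name))
```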
On 14 September 2019, new requirements for authenticating online payments will be introduced in Europe as part of the second Payment Services Directive (PSD2).
All online businesses will have to ensure they’re compliant with the Payment Services Directive 2 (PSD2) legislation. The EU directive mandates that any online transaction over €30 requires Strong Customer Authentication (SCA).
To meet new EU regulations, payment gateways/businesses will need to build an extra layer of authentication (2FA) into online card payments.
miniOrange has helped many businesses and payment gateways to integrate 2FA or MFA in their applications. We provide access to our 2FA APIs with which 2FA can be integrated into any application very quickly without much effort.
Payment gateways that operate in Europe like SecurionPay, Skrill, Stripe, PayU, Authorize.Net, Amazon Pay, PayPal will be enforcing Strong Customer Authentication (SCA) very soon.
Microsoft provides 2FA / MFA only via their default application, with limited 2FA methods, and you cannot configure any additional 2FA authentication method.
If you are looking to use Yubikey or any other hardware token as an authentication method while accessing Office 365, it is supported with miniOrange and can be integrated quickly.
miniOrange allows you to use Yubikey (or any other method from 15+ available 2FA methods) as the 2nd factor to log in to your Office 365.
When Two Factor Authentication (2FA) is enabled on your system, it prevents an attacker from accessing the resources even though they know your username and password. Because you have an additional layer of authentication, the attacker has to pass that layer, which is not possible.