The major events that shaped the course of the year 2020 have had a significant impact on the way enterprises function. Companies have been more open to the idea of staff operating remotely now than ever before. Many are adopting it as a permanent alternative in the future. The benefits of remote work are limitless for both staff and employers. This provides a better balance between work and life that ultimately influences productivity. Companies will improve their talent pool as well as save on investment in costly office space. That being said, while remote work is convenient, it is far from secure.
Though there are several options available for staff to use mobile device-based authenticator apps to access various business applications and services, few things must be considered. You should check for the following when evaluating your organization’s remote access authenticator:
1. Use Cases Supported
Passwordless login and multi-factor authentication (MFA) are the primary uses of remote access authenticator software. MFA needs a password to complete the authentication process and then uses the app. Passwordless authentication is an extension of the MFA to eliminate issues and security risks associated with passwords. Using a mobile device as one criterion and another authenticator, such as a fingerprint scan, the user is authenticated using two separate parameters. It is also referred to as 2-factor authentication (2FA).
2. Supported Systems, Services, and Platforms
In business environments such as Windows, Macs, VPNs, virtual desktops, cloud providers, and on-premise web applications, the authenticator software must support the operating systems, platforms, and services generally used.
3. Authentication Methods
The remote access authenticator app should allow a wide range of standard authentication techniques for the user. At least support should be given for push notifications to the mobile device, biometric authenticators such as fingerprint and face recognition, initiated mobile apps, QR codes, soft tokens, and one-time challenge response codes.
4. Offline Mode
In cases where the device or the target system is offline, such as on an airplane or if the smartphone has no service, the authenticator must still operate and do so safely. Some solutions use a stored list of PIN codes shared by both devices. They can be prone to hacking, can be drained, and must be synchronized with all of the systems that need to be accessed if you log in offline too many times. For this, you need a solution that uses public-key cryptography and rolling keys that do not store any shared secrets, that enables you to sign in as many times as you need on any device.
5. Risk-Based Authentication
The concepts of zero-trust and Gartner’s CARTA method are more widely accepted by businesses. Depending on the consumer and device trust level, automated policies may be used to increase or decrease friction, using real-time risk detection. Solutions lacking real-time trust management would gradually become redundant.
6. Flexibility with an SDK
The vendor can include a remote access authenticator as a standalone app that you can download from Google Play, the iOS App Store, or as an SDK that you can integrate into an existing corporate program that you might already have. An SDK allows you to customize the authenticator app to fulfill your particular requirements.
7. Centralized Authentication Support
A biometrics mobile app is an excellent method of authentication, but there are circumstances when it cannot be used, for example, when a remote user needs a replacement for a lost or stolen device to be onboard. Features like centralized voice biometrics and OTP over SMS are required for these special circumstances.
8. Key Security
Together with the authenticator app, the mobile device becomes a highly sensitive security element which contains the user’s private cryptographic keys. To prevent them from being stolen, the keys stored on the device must be rolled automatically on a periodic basis.
