Multifactor authentication (MFA) is a method of boosting IT security that requires end users to provide multiple...
methods of identification to confirm their identity for gaining access to corporate resources and applications, as well as perform online transactions. By requiring an additional factor beyond a simple password (such as software on a smartphone, a fingerprint, a voiceprint, a key fob or a security code), MFA technology makes it far more difficult for hackers to exploit the login process and wreak havoc by stealing corporate, customer or partner data -- even when a password has been compromised or shared among a number of different services by an end user.
Organizations that have made (or are in the process of making) the decision to deploy MFA technology should bone up on the criteria for evaluating and procuring multifactor authentication products. That way, when it comes time to select the right MFA product, the company will be well-versed on what MFA product features best match the use cases (Active Directory augmentation, strong identity verification and/or the strengthening of Web server logons) that apply to its environment and authentication needs.
With so many vendors offering MFA products and services, choosing the right product can be overwhelming -- no matter how knowledgeable and prepared an organization is going into the evaluation process. Here is a list of the top multifactor products in the market to help get enterprises started.
CA Strong Authentication
CA Strong Authentication from CA Technologies comes in both a Windows version and as a software as a service (SaaS) version called CA Secure Cloud. It includes full administration capabilities to configure policies, monitor activity and investigate suspected attacks, making it easier to keep track of tokens and to understand which applications support tighter MFA security. Strong Authentication deploys and manages a range of authentication methods, including two-factor authentication software tokens. A more unique feature to Strong Authentication allows organizations to not store or transmit passwords. This, in effect, makes passwords "unbreachable." To learn more about CA Strong Authentication, read the full overview.
Like SecureAuth IdP, Okta Verify is both an MFA and SSO product. As an MFA tool, it adds security measures to standard username/password logins to a variety of servers and services. And, as an SSO tool, it allows end users to sign into a Web-based portal that serves as the basis of the authentication of an organization's SSO app portfolio. Unlike other MFA products, Okta has a unique feature called Just in Time provisioning that allows customers to import all their Active Directory accounts and set authentication up so that when end users are ready to start using the SSO component, Verify can attempt to create their accounts on the fly. To learn more on Okta Verify, read the full overview.
Quest Software's Defender
Quest Software's Defender is a mid-tier authentication product that combines a good assortment of features with support for the common multifactor use cases at good price. When an organization enables users, they can go to a self-service portal to either request a software token or register a hardware token. Defender adds a requirement of two-factor authentication to an organization's access to its network resources. To learn more about Defender, read the full overview.
RSA Authentication Manager and RSA SecurID
RSA SecurID -- the token-side RSA Authentication Manager -- is the MFA product that has been around the longest. It has a large number of supported applications that can be secured with its multiple factors and has the largest market share of hardware tokens. For its part, RSA Authentication Manager can be set up for some very complex token approval workflows, and it sports a self-service web portal that end users can use to perform common token management tasks. SecurID can be deployed to support two-factor authentication for Windows, iOS, Android and BlackBerry devices. To learn more about RSA Authentication Manager and RSA SecurID, read the full overview.
SafeNet Authentication Service
The SafeNet Authentication Service supports a wide variety of token, mobile and desktop authenticators. The service is also unique in that it supports an interesting "grid" hardware-based token that asks users to type in a pattern and offers subscription-based pricing, which includes a single copy of its server software and one SMS token per user. This makes it easier for organizations to calculate expected deployment costs. In addition, SafeNet has the most extensive policies, role assignments and user groups of any of the MFA products highlighted in this article, which makes it easier for IT to set up different authentication levels for different individuals and groups. To learn more on SafeNet Authentication Service, read the full overview.
Somewhat unique among the products in this article (Okta Verify is the only other one), SecureAuth IdP is both a multifactor and a single sign-on authentication product. So in addition to offering a solid array of MFA features, such as support for multiple hardware and software tokens, organizations can connect SecureAuth IdP to directory services such as Active Directory to allow users to sign into a Web-based portal that authenticates them for a portfolio of applications. That way these users don't have to remember -- or even know (in some instances) -- their individual passwords for these programs. To learn more about SecureAuth IdP, read the full overview.
Symantec Validation and ID Protection Service
Like RSA, Symantec is a top-tier multifactor vendor that has been in the MFA game a long time. Symantec Validation and ID Protection Service (VIP) supports a wide selection of hardware and software tokens, including desktop and smartphone apps (using both SMS service and voice calls). And, not only does the service provide more than 30 different integration methods for common apps, its credentials are so popular, they are currently used to authenticate more than 100 different websites. Symantec lets businesses add two-factor authentication to their web and mobile applications. To learn more about the Symantec VIP Service, read the full overview.
Vasco IDENTIKEY Server and DIGIPASS
IDENTIKEY Server includes multifactor software tools and DIGIPASS tokens from Vasco Data Security Inc. As one of the most comprehensive MFA products on the market, it supports a wide selection of token and server types, mobile operating systems and smartphones, and authentication methods. Meanwhile, in addition to providing authentication plug-ins for Outlook Web Access, Citrix, Microsoft's Internet Information Web Server and Remote Desktop Web interfaces, Vasco offers an API-based product that allows customers to integrate multifactor authentication into existing applications. To learn more about Vasco Identikey Server and DIGIPASS, read the full overview.
All the products highlighted in this article are solid MFA platforms. They support multiple token types and provide flexibility in terms of authentication methods supported.
There are differences between them, however -- including in pricing, administration and reporting -- and in how they support mobile devices and new technologies like risk-based authentication and standards such as FIDO. So it behooves organizations that are looking to deploy multifactor authentication technology to take all those elements and more into consideration when making an MFA product selection.
Learn why security experts believe multifactor authentication is a critical component for cloud security
Know the expiration date on your cybersecurity products.