Not a token gesture

Steven Hope says 2FA need not be cumbersome or complicated

Fears over network security are well founded – the European Commission recently announced its intention to create a new directive to tackle threats to information systems, following a rise in attacks in the European Union.

Naturally, the IT industry is acutely aware of the dangers, but there is debate over the best ways to tackle threats. I believe many network managers consider their greatest challenge to be providing safe, secure, but highly usable and effective remote access to their networks.

Password authentication gives a degree of security but is susceptible to fraud and can suffer from users repeatedly reusing the same details. The next step is two-factor authentication (2FA), often using a personalised token to authenticate users.

A token-based system improves security but can be expensive and resource-intensive to implement and maintain. And sometimes it is difficult for authorised remote users.

There is also token-free 2FA, in combination with a secure VPN. This kind of 2FA requires only a standard web browser for end-point device authentication.

Ensuring security of remote access to a company network is always going to be about horses for courses. IT managers need to determine the needs of the business and must find the right level of security for their company.

But the assumption that having the best in 2FA technology means cumbersome and complicated systems that are costly for the user and organisation simply isn’t true.

Steven Hope is managing director of Winfrasoft