During the global Covid-19 pandemic, there was an increase in remote working for many companies. However, because of this increase in remote work, cyber attacks were also on the rise. Businesses can no longer rely on just a username and password and therefore need to add an extra layer of security to their Sonicwall Global VPN Client two-factor authentication. Two factor authentication is where users are verified with an additional method of authentication such as biometric authentication, authenticator applications, hardware tokens, and email authentication.
To achieve secure access to your company assets, you’ll want to have a secure authentication method in place for your Sonicwall VPN.
Let’s take a look into some ways we can achieve secure access with these methods of authentication.
Biometric authentication is considered to be one of the strongest forms of authentication. Biometrics rely on a user’s physical characteristics to identify them. The most common biometric authentication is fingerprints and facial, with some also using iris or retina for the more high security environments. Since no two users have the same exact physical features, biometric authentication is the most secure option when protecting your VPN with two-factor authentication. A benefit to this type of authentication is that a user doesn’t need to bring a separate card, hardware token, or cell phone.
While biometric authentication is the most secure it is almost the most costly. They require specialized equipment for most of the authentication which some businesses may not be able to afford. Biometric authentication also needs to store data of the users features and some users may have concern about their data being stored in the company database. Biometric authentication makes more sense for higher security environments such as governments, intelligence, or defense contractors.
Authenticator applications generate a one-time passcode (OTP’s) every 30 seconds. After you input your username and password, you’ll be prompted to enter the six digit code that appears on your application screen. The time limit means that if a cyber criminal manages to get ahold of your one-time passcode, it won’t work for them after 30 seconds.
Authenticator apps don’t have access to your accounts and after the initial code transfer, they don’t communicate with the site. Their sole purpose is to just generate codes every 30 seconds.
Many companies prefer not to rely on cell phones for their additional layer of authentication protection. Instead, they prefer to have their employees use a hardware token. A hardware token is similar to an authenticator app but instead generates the code within itself versus an application. If you have a token based system, you’ll have to make sure each user is keeping it safe and that they don’t fall into the wrong hands. If an employee leaves a company, that token must be given back to the company so they can no longer authenticate to their account.
Hardware tokens are a little more expensive as each user would require their own individual token but they still provide an extra layer of security.
Email authentication is a method that verifies that a user is who they say they are. If a user’s authentication method is through email, they would first be asked to verify their email address to ensure that all authentication requests are going to the correct user. Generally, when a user tries to log in with their username and password, an email will be sent to further authenticate. The email will contain a code that the user needs to enter in order to log in to their VPN.
For most companies, this is a safe and easy way for their users to authenticate. A benefit is that authenticating your emails has no impact on the quality of your email content. Email authentication also ensures that emails are not forged and protects the user from phishing or spam emails.
No matter what type of authentication you use to secure your access to your Sonicwall VPN, each method will provide you with the security you need. It’s up to you to decide which authentication method is best for your company’s needs. Ideally, you want a two-factor authentication that is easy to use, offers a seamless user experience, and doesn’t compromise your users efficiency.