Jun 21, 2018

You know the dilemma: There, of course, are passwords that can easily be remembered (Then again fathers been known to have problems with remembering their children’s birthdays, not to mention their wedding day…). However passwords that can be remembered are most certainly not secure. Passwords that are secure cannot be remembered by anyone. In addition it has to be minded that it is not about one, two or three passwords anymore but more likely about 10 to 20. And you are supposed to use a different password for each access

It is however different for companies. Here security policies, password guidelines and central administrators exist. So far, so good. But is that still enough today? The inconvenience for the user, to change his password every 30 days, makes him creative. He writes them on post-it notes in order to rummage them out at the workstation, he writes them down on other systems that are not subject to administration and company security policies.

What happens? Without the option of the administration to regulate the private use, the user unintentionally compromises the security infrastructure and therefore the company data. What can be done?

Our Answer – 100.000 Codes in a key chain or a smart phone app! With our 2 factor authentication solution we provide the option, to supply the user with a code generator in form of a hardware token or a software app, which in addition to username and password requests a one-time code at every access to the company infrastructure. With this additional code an adequate level of security can be reached. With this “knowledge and possession method” it is necessary for the user to be aware of his password and to be in possession of a code generator. Only in this combination a login is possible.

Application example from the industry: A German company from the automotive supplier sector develops and produces components and systems for the automotive industry worldwide. The mobile staff is provided with company notebooks with online security in form of a web based application. The security of the employees access is of great significance to the automotive sector. It must be ensured at all times that people non-company-related cannot gain access to data. Therefore so called IPSec VPNs (Virtual Private Networks) resp. SSL VPN technologies are provided for all access from outside the company infrastructure.

For a long time now it has been insufficient to authenticate oneself to the system with username and password, which is especially true for access from outside the company fire wall.

With the one-time password technology SecOVID mobile employees as well as partners and suppliers are enabled to access the IT infrastructure. Next to the username and password a so called one-time password must be entered. The generation of the one-time password is done with a generator, available as a hardware as well as a software version. If the user does not possess a hardware token or forgot it, it is also possible to generate a code with a smart phone. An app allows for the generation of such a code.