
Securing Your Website Using Two Factor Authentication. How & Why You Should Do It.


Two factor authentication is not a new technique in the general science of securing access to confidential information. The process, in which two separate and distinct factors are used to give a person access to secured information, gives a much higher measure of security than can be gained through simple password or key based login. Factors might include any number of different things, such as passwords, physical tokens, digital tokens that are sent to the user, or even biometric information such as retina scans and fingerprint data.

The key condition is that any of the above factors is used in conjunction with one or more other factors before a user can access secured info. This is what makes two factor (or multi factor) authentication so highly secure; while thieves might be able to glean your password through hacking or data theft, the secondary factor should be something that they have a much harder time getting their hands on.

One of the most common two factor setups consists of a regular access password combined with a series of prearranged one time passwords, which are sent to a user’s personal devices such as cell phones or even specialized physical tokens. Each time the user logs in, they first need to type their password and then give over a unique one-time code that was just sent to them in that moment, usually to their cell phone.

This basic form of two factor authentication is how most online services like Google, Dropbox, and many online banking or financial services companies operate their two factor security, and with good reason, since the process is strong, easy to implement and easy for customers to use.

Using Two Factor for your Site

Given its security and ease of implementation, two factor authentication is something that you yourself should very strongly consider if you happen to run either an important personal website or a client access oriented website that protects individual accounts with important data on them.

In either case, creating a two-factor protection system for access to your website’s more sensitive sections will keep you much safer from hacks, data theft and loss of confidential customer information. Having this protection is vital, since a failure to implement it can lead to a hijacked personal website in the least serious scenario, or lawsuits from furious clients in the case of hacked customer accounts.

The bottom line here is that, if your online business and website regularly handle highly sensitive client data, or are deeply important to your personal online presence, then you would do best to set up two factor login protection just to be sure that you’ve done your best to minimize future damage.

However, even if you really decide to arrange such a system for your page, you’re probably wondering how you could possibly do it; maybe it seems complicated, expensive and possibly hard to use. The truth is that these things simply aren’t the case. Setting up your site’s own two factor login protection for either your own backend access or at client login access points can actually be much easier and less expensive than you think.

Let’s go over some highly useful options you have depending on your specific needs.

Back End Site Administration and Hosting Server Access

The first point of access you should protect for your website is your own back end administrative access to the site’s hosting and dashboard (if you happen to be using a CMS, or content management system, as your main site platform).

This is something that you should implement even if you have no customer login accounts to manage and your online business or site is quite small. Why? Because it’s really easy to do, it’s extremely cheap or even free with some options, and it will protect you from having somebody hijack your digital property, which is always important, no matter its size.

There are three main low cost options to choose from.

WordPress CMS

If your site is running off of WordPress as its background CMS platform, then you’ve already got a basic login screen through which you can access your site administration. Since this only asks for a password and username, it’s not especially secure. However, in order to beef things up enormously, you can go into your dashboard and, under plugins, search for the Google Authenticator Application for WordPress. Once you’ve downloaded and installed this, you can then enable it to enforce an SMS based two factor request that will send unique keys to your Android, Apple or Blackberry device any time you want to log in to your website’s control dashboard.

Hosting Based Two-Factor Protection

Some hosting providers offer a control panel option of enabling multifactor authentication for all future logins to your hosting account. By enabling this, you can make sure that your highly sensitive servers are much more rigorously protected from potential hosting password theft through phishing attacks and other, more sophisticated means. One hosting provider in particular, called DreamHost, offers this as one of their cPanel services and has set up a nice instruction page for enabling the two factor option on your hosting access. It’s available here: http://wiki.dreamhost.com/Enabling_Multifactor_Authentication.

You’ll notice that this two factor setup is also based on the popular Google Authenticator application that we mentioned above for WordPress. Also, as is the case with its WordPress version, you will need an Android, Apple or Blackberry device with Google Authenticator installed and enabled on it in order for the process of sending access keys for your hosting to work well.

Enterprise Level Customer Service Options

Moving beyond free and low cost plugin, application and hosting account options, you also have the option of contracting and installing more powerful commercial applications for two factor authentication.

These are provided by companies such as Symantec, Verisign, SwivelSecure, Duo Security and Authentify, just to name a few major players. Each of these companies offers its own distinct services and implementations of two factor authentication, but all of them essentially give you access to the same thing at a certain cost: commercial grade two factor access protection for your client accounts and employee login needs.

These services are more robust than anything you’d download and install as a free application but they are also more flexible for online companies that have larger customer and employee related needs.

To give you one example, here is the Symantec page for website based Multi-factor authentication services: https://www.symantec.com/user-authentication

Like we said, each of these companies provides its own commercial variations of two factor website access protection; they do this with different specific options and different costs. However, if a higher grade of commercial access security is what you’re looking for, their services are your easiest solution and allow you to quickly protect your clients without intensive programming knowledge on your own part.
