Remote access doubly secured to meet regulatory compliance
ESET Secure Authentication provides powerful software-based two-factor authentication (2FA), safeguarding your company’s mobile workforce against data breaches due to compromised passwords and aiding in regulatory compliance with HIPAA, PCI DSS and NIST. ESET Secure Authentication validates each VPN and Outlook Web Access (OWA) login with a unique one-time-password (OTP) adding an important layer of security to your company’s sensitive data. Simple to manage, ESET Secure Authentication is more flexible, cost effective, and easy to use than hardware OTP tokens or appliances.
How ESET Secure Authentication 2FA works
Unlike standard password authentication, 2FA OTP requires two elements: a user’s password and an OTP generated on a designated physical device. It is the physical device requirement that sets 2FA OTP methodology apart. With each login, a new OTP is required, meaning access to the device is required. Should the user’s password be compromised, a criminal could not gain access to your network as they do not have the complementary device.
ESET Secure Authentication is the easiest and quickest way to implement two-factor authentication for your business. By using the smartphone that the user already carries with him, the ESET Secure Authentication mobile app is always within easy reach when the user needs a secure, randomly generated one-time password. The mobile app requires no IT help to install on the client-side and very little training to use. The server-side integration and management is equally simple, making ESET Secure Authentication much less expensive to own than other two-factor authentication solutions.
Many industry regulations require businesses to take significant measures towards ensuring data privacy and hold them liable for any data breaches. Regulatory agencies recognize that static passwords are easy to compromise and require strong authentication for access to sensitive information.
As BYOD adoption and mobility among the workforce continue to increase, more remote access sessions are at risk of password compromise. Two-factor authentication is no longer optional but essential to complying with data privacy requirements from industry regulations such as PCI DSS, HIPAA, FFIEC Guidelines, Sarbanes-Oxley and NIST.
Mitigate risky password practices
Two-factor authentication with one-time password protects against
these common password weaknesses:
• User-created passwords can be easily guessed if they do not
contain randomized characters
• Passwords that are reused on both an individual’s work and
personal accounts, create risk
• Passwords containing user-specific data – a name or date of
birth – can be easily guessed
• Simple patterns used to derive new passwords can be easily hacked
• Static passwords can be intercepted and reused maliciously