High-Assurance MFA for Enterprise: Proximity + Push = Government-Class Login for Privileged Business Users

Don Shin | December 4, 2023

Faced with the rise of automated attacks, remote work, and ongoing digitalization, IT and security leaders are seeking fast and easy new ways to confirm that users requesting access to privileged resources are who they say they are. And increasingly, that they’re also where they say they are.

To deliver stronger authentication without revamping the IT infrastructure, Secret Double Octopus introduced industry-first Proximity Assurance Mobile Push, a new feature that elevates multi-factor authentication (MFA) to government-caliber levels of identity verification—without frustrating users or burdening IT.

Enterprises Need Government-caliber MFA, Too

Modern government mandates for protecting nations’ critical infrastructure now extend to industrial manufacturers, utility companies, shipping carriers, and other sectors that transact with federal agencies on a regular basis. Several of these mandates stipulate the use of MFA – and phishing-resistant MFA in particular – to safeguard and verify user identity. 

Even without these looming federal mandates, other industries such as financial services, education, and healthcare now actively seek government-caliber high assurance authentication to secure the login process. As part of increasingly proactive Zero Trust and least-privilege access strategies, many enterprises are implementing passwordless MFA approaches to put an end to phishing.

But for true, government-caliber high assurance, even some passwordless MFA solutions may not be enough. To elevate MFA to the highest levels of identity assurance, SDO introduced an innovative Proximity Assurance feature based on advanced cryptographic key-pairing.

Proximity Assurance Makes Login More Secure

“These days virtually every industry sector either integrates with federal network environments or requires that same level of confidence in their authentication process for other reasons,” says Shimrit Tzur-David, co-founder and CSO of Secret Double Octopus. “Our new proximity assurance with mobile push capabilities let enterprises secure their systems with the same high-assurance MFA outlined by NIST 800-63B Authenticator Assurance Level 3 (AAL3) guidelines.”

Proximity validation adds a valuable layer of extra assurance by ensuring the person attempting to log in is who they claim to be, has the right smartphone, and is standing within range of the approved workstation to which they’re seeking access. The new Proximity Assurance feature only unlocks the desktop in question when all these criteria can be met and verified. This added layer of validation ensures the request is coming from an IT-approved user in the right place with the right device and characteristics at the right time.


Octopus Elevates Mobile Push to High Assurance—Sans the Friction

The Octopus platform combines the added assurance of requiring users to be in close proximity to their desktop with the convenience of mobile push notifications. Using both high-assurance cryptography and proximity validation with user biometrics MFA, SDO’s Proximity Assurance feature allows businesses to send user-preferred push notifications to smartphones to complete authentication. Business and technical users alike prefer receiving secure, familiar push notifications to entering passwords and regular SMS-based one-time PINs and passcodes (OTPs).

The Octopus approach significantly reduces friction for IT as well. The platform’s Proximity Assurance feature uses familiar mobile push notifications to cryptographically “pin” users to workstations without requiring additional hardware, smartcards, or re-architecting of apps and directories by IT. The powerful one-two punch of proximity + push uplevels the enterprise login process to government-caliber AAL3 authentication without buying and managing extra devices and authenticator apps.

High Assurance MFA Closes Security and Compliance Gaps

In the past, moving to high-assurance authentication meant changing the enterprise’s applications and identity infrastructure to support X.509 certificates. PIV and CAC hardware authenticators achieved traction among some government agencies, but they don’t work for most enterprises due to the added cost and complexity, and extra work for IT.

As a more elegant alternative, modern enterprises have adopted passwordless MFA based on FIDO2 technology, but these solutions only work with web-based resources versus the full gamut of enterprise security needs: legacy apps, VPNs, remote access, air-gapped and other physically isolated environments, and other specialized use cases. The SDO platform delivers the required assurances for any enterprise application, even password-centric legacy applications at the core of vital business operations.

Proximity Extends Industry-Leading Use Case Coverage

SDO’s Octopus Authentication Platform is recognized as having the industry’s broadest use case coverage for workforce passwordless authentication. The platform was recently recognized as a SINET16 Innovator for passwordless MFA and provides security for logins from Windows, Mac and Linux endpoints, as well as a host of on-premises corporate services and legacy apps that are otherwise challenging to modernize to passwordless MFA. The solution uses a wide range of alternatives to passwords including biometrics and advanced cryptography options that do not require expensive and inflexible smart cards or hardware FIDO2 tokens.
