VPN MFA – The Gateway to the Kingdom

SDO Marketing Staff | November 22, 2018

Enterprises have long used Virtual Private Networks (VPN) to protect their systems and provide a secure work environment.

In today’s dynamic business climate, VPNs have become even more essential. Private networks are now commonly used by organizations that want to give their employees remote, unfettered access to their private servers.

With the security and flexibility they provide, it’s no wonder VPNs have become a booming industry in recent years at both the private and corporate levels.

The VPN Security Challenge

But while many users today have ample experience using VPNs, securing access to the VPN itself can prove to be a bit of a challenge. IT and security teams are facing growing difficulties in protecting private networks. In a company-wide environment, the risk of compromise increases with the size of the network perimeter. That means the more users, the more danger. Threats from phishing campaigns, social engineering, and username or password theft multiply with the number of individuals operating a VPN.

Bringing the VPN to the cloud also creates its share of vulnerabilities. While cloud platforms add convenience, organizations also expose themselves to higher risks of hacker penetration.

Securing VPNs with Multi-Factor Authentication (MFA)

Applying Multi-Factor Authentication is the most effective way for companies to securely deploy an enterprise-wide VPN.

By augmenting the primary authentication (most commonly, a username and/or password) with additional layers, organizations can stave off the overwhelming majority of attempts to compromise their private networks.

MFA is more than just an additional hurdle for a hacker to overcome. Second factors such as fingerprints, or hard token keys that generate temporary passcodes, are extremely difficult to spoof or replicate without physically accessing them. Moreover, since many second authentication factors are delivered “Out of Band” (OOB) and aren’t stored on any server, they are immune to data breaches. This means that even if attackers breached a company server and stole all the usernames and passwords, they still would not gain the additional factors needed to access the corporate VPN.

Not All MFAs Are Created Equal

However, not all MFA solutions and approaches provide the same effectiveness or usability.

Security-wise, many MFA platforms, including SMS and even biometrics, have been shown to be susceptible to compromise through non-conventional hacks.

As industry experts have noted, while MFA works well to prevent random, low-cost attacks, sophisticated cybercriminals are able to overcome it. Incident after incident, from the RSA-Lockheed Martin hack in 2011 to the more recent string of hacks on the bitcoin industry, has demonstrated that organized, skilled hackers are able to overcome additional factors, often through a combination of technical prowess and social engineering.

But more importantly, from a business flow perspective, MFA solutions are almost always cumbersome to deploy. Bad user experience becomes a major issue when implementing a platform across a whole enterprise. When attempting to integrate MFA, the net result is often limited end-user adoption along with a frustrated IT department and mounting costs.

Streamlining VPN Authentication with Double Octopus

The Octopus Authenticator is the only authentication solution offering password-free MFA for VPN access.

Octopus Authenticator does away with passwords and replaces them with its secure Authenticator app. Whenever a user attempts to log in to a VPN account, Octopus Authenticator, using the mathematically unbreakable Secret Sharing scheme, transmits a push notification to that user’s associated device. The user then simply approves the push notification using the device’s mobile biometric capabilities to complete the verification process.

Eliminating passwords is the next major leap for user experience in authentication technology. Not having to deal with passwords means employees don’t have to remember them, store them, or organize multiple sets of login details for their various work-related accounts. This is even more of a relief when it comes to VPNs: employees aren’t necessarily accessing the private network regularly and are much more prone to forgetting passwords. Thus, removing passwords from the picture also reduces password resets and related help desk calls, both of which are exceedingly expensive, take up IT man hours, and impede workflow.

Octopus Authenticator offers the very highest in authentication assurance while delivering seamless, scalable, and easy-to-use access to the enterprise VPN.