If a password is the only barrier to your data, you are risking a lot. A password can be intercepted, stolen by a trojan, or extracted through social engineering. Not using two-factor authentication in this situation is almost a crime.
Two-factor authentication can protect not only RDP or SSH but also VPN, RADIUS servers, and any web services. For example, there are ready-made clients that add an additional authentication layer to the popular Drupal and WordPress engines.
WHY TWO-FACTOR AUTHENTICATION?
The idea is very simple. If an attacker somehow obtains your login and password, he can easily get into your mail or connect to a remote server. But if an additional factor stands in his way, such as a one-time key (also known as an OTP key), nothing will come of it. Even if the attacker gets hold of the key, he will no longer be able to use it, since it is valid only once. The second factor can be an additional phone call, a code received by SMS, or a key generated on the phone by a particular algorithm based on the current time (time is the way to synchronize the algorithm on the client and the server). Google, for one, has long encouraged its users to enable two-factor authentication (a couple of clicks in the account settings). Now it is your turn to add a layer of protection to your own services!
DUO SECURITY (www.duosecurity.com)
One of the best services for adding two-factor authentication to virtually everything (including VPN, SSH and RDP) is Duo Security (www.duosecurity.com). The developer and founder of the project is Jon Oberheide, a renowned expert in information security. He, for example, picked apart the protocol Google uses to communicate with Android smartphones, through which arbitrary applications can be installed or removed. That background makes itself felt: to show the importance of two-factor authentication, the team launched the VPN Hunter service (www.vpnhunter.com), which can find in no time a company's unhidden VPN servers (and, along the way, the type of hardware they run on), remote access services (OpenVPN, RDP, SSH) and other infrastructure elements that could let an attacker into the internal network knowing just a username and password.
The service provides three options for organizing two-factor authentication. The first is the use of electronic keys. The second is a passkey sent to the user's phone by SMS or delivered by email. The third is a mobile application for Android, iPhone and BlackBerry that generates one-time passwords (essentially an equivalent of Duo Mobile). The service is aimed at large companies and is therefore fully paid.
This service also lets you use a mobile phone as the second protective layer. Passkeys are sent to the user via SMS or email. Each message contains three passkeys, so the user can log in three times before requesting a new batch. This service is not free either, but it offers a free 30-day period. A significant advantage is the large number of both native and third-party integrations.
This free service lets you set up two-factor authentication for up to 25 users, with 500 free authentications per month. To set up the protection, you need to download and install a special client. If you want to add two-factor authentication to a website, you can use the official SDK, which comes with detailed documentation and examples for the following programming languages: ASP.NET C#, ASP.NET VB, Java, Perl, Ruby, PHP.