Table of Contents
Advertisement
Two-Factor Authentication Overview
Two-factor authentication is an authentication method that requires two independent pieces of information to
establish identity and privileges. Two-factor authentication is stronger and more rigorous than traditional
password authentication that only requires one factor (the user's password).
Dell SonicWALL's implementation of two-factor authentication partners with two of the leaders in advanced user
authentication: RSA and VASCO.
Two RADIUS servers can be used for two-factor authentication, allowing users to be authenticated through the
Web portal or with an Secure Mobile Access client such as NetExtender or Secure Virtual Assist.
NOTE:
Single sign-on (SSO) in SMA/SRA appliances do not support two-factor authentication.
See the following sections:
•
Benefits of Two-Factor Authentication
•
How Does Two-Factor Authentication Work?
•
Supported Two-Factor Authentication Providers
Benefits of Two-Factor Authentication
Two-factor authentication offers the following benefits:
•
Greatly enhances security by requiring two independent pieces of information for authentication.
•
Reduces the risk posed by weak user passwords that are easily cracked.
•
Minimizes the time administrators spend training and supporting users by providing a strong
authentication process that is simple, intuitive, and automated.
How Does Two-Factor Authentication Work?
Two-factor authentication requires the use of a third-party authentication service, or two separate RADIUS
authentication servers.
With two-factor authentication, users must enter a valid temporary passcode to gain access. A passcode consists
of the following:
•
The user's personal identification number (PIN)
•
A temporary token code or password
When two RADIUS servers are used, the second stage PIN or password can be sent to the user through SMS or
email. NetExtender login and Secure Virtual Assist both provide extra challenge(s) for entering it.
When a third-party authentication service is used, it consists of two components:
•
An authentication server on which the administrator configures user names, assigns tokens, and manages
authentication-related tasks.
•
Physical tokens that the administrator gives to users which display temporary token codes.
Users receive the temporary token codes from their RSA or VASCO token cards. The token cards display a new
temporary token code every minute. When the RSA or VASCO server authenticates the user, it verifies that the
token code timestamp is current. If the PIN is correct and the token code is correct and current, the user is
authenticated.
Because user authentication requires these two factors, the dual RADIUS servers solution, the RSA SecureID
solution, and the VASCO DIGIPASS solution offers stronger security than traditional passwords (single-factor
authentication).
on page
44
on page
44
on page
45
Dell SonicWALL Secure Mobile Access 8.5
44
Administration Guide
Advertisement
Chapters
Table of Contents
Troubleshooting
