Moving Beyond 2-Factor Authentication With ‘Context’
What’s the best way to protect your proprietary business secrets or financial data? One common recommendation is to implement two-factor authentication. As you undoubtedly know, two-factor authentication limits the usefulness of any credentials that attackers may have acquired or created, restricting their ability to move laterally within the organization or access your VPN to log back in remotely and attempt to gain ever more powerful credentials.
Unfortunately, two-factor authentication isn’t cheap -- in more ways than one (or even two). Not only can it be costly to implement, it also disrupts legitimate user activity, increasing frustration and hurting productivity. Moreover, two-factor authentication isn’t infallible, as we now know thanks to the reports on the Operation Emmental attacks on Swiss and German banks, in which attackers scraped SMS one-time passwords off customers’ Android phones.
Fortunately, there is another way keep attackers inside your network from getting what they want: context-based authentication. With context-based authentication, your organization can create rules that determine, pre-authentication, whether and how a given authentication process should proceed based on context.
