As taking a step further in extending layers of security for all clients, Center for Computer Resources, CCR, will be implementing Two Factor Authentication (2FA) for any administrative account that CCR uses to access your environment.
We highly recommend at a minimum that you subscribe to Two Factor Authentication for any of your staff that need administrative access to your environment.
We have other clients that have requested we implement Two Factor Authentication, for additional security, for all of their users or at a minimum any users that access your environment remotely. If you do not have Administrative User Account access, you can decline this option and this change will not impact you. For those clients that do have Administrative Accounts that may include Administrative Accounts for third party software vendors to access their accounts on their behalf, Two Factor Authentication provides a highly secure means to login to your server(s), track individual login access and manage login access rights.
Although this is a highly recommended option, you may choose not to activate Two Factor Authentication for your Administrative Accounts users or third party software vendor’s accounts. You will need to sign off stating that you declined this option. Under this option, CCR will implement Two Factor Authentication (2FA) for our staff and we will need to work with you to change the password to your administrative login account(s) so that this information in not in our possession.
CCaRe Two Factor Authentication Solution: How does it work?
With Two-Factor Authentication (2FA), users sign in securely and conveniently, whether in the office or working remotely. Systems are kept secure and all activity is traced in an irrefutable audit log so we know only the right people are getting in. With CCaRe Two Factor Authentication (2FA), our clients gain the assurance that staff can safely work remotely on virtually any device.
In addition to a static complex password, a staff member uses two factors of authentication. A Staff member input their chosen PIN or password (what they know), and then a one-time password generated from an app on their smartphone (what they have). It’s similar to a bank card: you provide your card (what you have) and input a PIN (what you know). Essentially, this solution offers two factors to authenticate who you are, before gaining access. At a minimum, a CCaRe 2FA token is required for each user that would need to access your system with administrative rights. Depending on the sensitivity of your data and/or your corporate compliance requirements, every individual can be assigned a CCaRe 2FA token.
The software token technology turns your Windows Mobile, Windows Phone 7, Apple iPhone or Google Android into a CCaRe two-factor SoftToken authentication device. It also works on Windows desktops and directly on USB based Yubikeys. In combination with our CCaRe two-factor Strong Authentication Server software, we then program a unique 192bit AES key into the phone and configure it to produce 8 digit one-time-passwords with each use. This creates a huge keyspace, and with a 4 to 8-digit PIN, produces upwards past a trillion different possibilities… changing EACH time it is used. As a software token, it never expires, and will last as long as your device or desktop does.
If you need a quote, please feel free to send an email to firstname.lastname@example.org or contact your Technical Account Manager who will provide you with the Two Factor Authentication form.