As convenient as possible, as secure as necessary – this principle is especially important when it comes to authentication, as too little security endangers the user’s data but too much will severely impact user-friendliness. The Secure Access Hub can adapt to meet the needs of users and the requirements of CISOs alike.
Social engineering and phishing are still the most widespread forms of attack on the Internet. Such attacks are designed to steal secret authentication information, such as a password.
Airlock supports a variety of strong authentication methods that successfully prevent social engineering and phishing, whilst ensuring an optimal user experience. Push authentication is an excellent example where a user logs in securely without the need to enter a password or a PIN number. Biometric methods, such as Touch ID or Face ID, can also be used for all applications.
Strong authentication with two factors is standard today for business-critical web applications. In daily use, however, users often consider this security measure to be rather inconvenient.
This is precisely where risk-based authentication, also known as ‘adaptive authentication’, will improve the user experience. Instead of requiring users to enter the second factor for every login, the context of an access attempt is analysed and compared with previous sessions by the same user. Factors considered include the network in which users are operating, where they are logging in from and which browser they are using. In cases where users wish to access services from their usual workstation on the intranet or from their home offices, the second factor can be dispensed with.
User identities are also stored in the browser using the ‘remember me’ function, and re-used for future log-ins.
Step-up authentication is another option for implementing high-level security in a user-friendly manner. Instead of enforcing the highest level of security from the outset, security is limited to the necessary level. In areas where no authentication is needed, none is requested. In areas where moderate security is required, a simple authentication will suffice. The second factor is applied only when an area is accessed, where enhanced trust levels are essential. This stage-by-stage increase in trust levels is called ‘step-up’ authentication and is simple and easy to deploy for all applications.
- A range of commercial authentication options can be integrated into Airlock IAM
- Interfaces with various open-source authentication options
- Single Sign-on
- Simple token migration via user self-services
- Risk-based authentication
- Flexible step-up procedures
- Social login and registration
- Remember-me function
- Identity federation of all relevant standards
- Identity propagation