Two-factor-authentication

Two-factor-authentication

Theme IT-Security

The PartnerGate www.partnergate.com is a web application where customers can manage their domain portfolio.

challenge

Customers log into the web application with their username and password. The problem here is conditional security, since passwords can get into unauthorized hands via various paths and programs such as viruses, Trojans, keyloggers, sniffers or simple inattention.

target

increase security by using an authentication technique that uses several factors to increase IT security, so that the login must be verified by a user name and password with a second authentication.

Result

A 2-factor authentication was developed, which is based on the TOTP procedure (TOTP: time-based one-time password). The customer’s own smartphone is set up as a hardware token, which generates random one-time passwords on the basis of a previously exchanged key, which must be entered as additional information. This method is, e.g. according to a report of the FAZ, in theory the safest method to ensure that the person logging in is the person he or she claims to be. In the event of a loss or defect of the smartphone, there is the option of switching to an SMS procedure.

The advantages of this modern security standard are the immanent increased security, higher trust of the happy customers in the provider of the web application as well as a relief of the support of PartnerGate.

Comments are closed.