Many of today's regulatory mandates require multi-factor authentication when requesting privileged access. Use of multi-factor authentication can help safeguard your organization against common hacker exploits. For example, by deploying out-of-band multi-factor authentication using email or SMS delivered to IT staff cell phones – available at no added cost – you can defeat many social engineering attacks by adding an additional verification of password requestors' identities.
Lieberman Software's privileged identity management solutions offer enhanced security by providing out-of-the-box integration with PhoneFactor. Enterprise Random Password Manager (ERPM) and Random Password Manager (RPM) can be configured to require 2-Factor Authentication using PhoneFactor with one click of a button. This integration is supported for use with the E/RPM management console (for E/RPM application administrators) as well as for use with the password retrieval website (for end-users).
PhoneFactor is a multi-factor authentication system which utilizes phone calls to verify identity. The solution provides multiple models for this service including cloud-based and local agent-based offerings. In the simplest terms, when users are challenged for PhoneFactor authentication, the PhoneFactor system will call or SMS users and provide them with one time passcodes.
The Authentication Process - Phone
- Users will enter their usernames and passwords to gain access to E/RPM as normal.
- The PhoneFactor connection will initiate automatically. Users will be notified by E/RPM that it is "Waiting for PhoneFactor authentication..."
- PhoneFactor will then call users on their pre-registered phones and prompt them to perform an interactive key sequence while on the phone.
- After users successfully enter their PhoneFactor passcodes, they will be authenticated to the E/RPM management console or password retrieval website.
- PhoneFactor authentication usage is recorded in audit logs for compliance purposes.
The Authentication Process - SMS
The SMS process is essentially the same process as described above. The difference is that users are sent SMS text messages with one time passcodes that are supplied by PhoneFactor. Users reply to the text messages with the passcodes to be authenticated successfully.
The integration with PhoneFactor is included with your purchase of ERPM or RPM for free – note you will need to acquire the PhoneFactor multi-factor authentication solution itself from Microsoft. For more information on Lieberman Software's PhoneFactor integration, please contact an account manager.