Your browser does not allow storing cookies. We recommend enabling them.

Fast Deployment of Two-Factor Authentication (2FA)

The most common authentication method is the password. It is a single-factor authentication that is based on the used knowing a secret. It is also a rather weak form of authentication, and many organizational security policies today require their high value asset to be secured with two-factor authentication (2FA)

Adding the second factor - something you have in addition to the something you know - improves security and makes the authentication considerably more resilient to attacks. There are many approaches to implementing the second factor of a two-factor authentication (2FA) - the second factor may be, for example, a security token (such as RSA SecurID) or a mobile phone of the user (such as in Duo Security 2FA )

Deploying Two-Factor-Authentication (2FA) for Server Farms

Regardless of the technical implementation most two-factor authentication solutions require an agent component at server-side. This means that large deployments that cover many server instances require the installation of an agent component in each of the protected servers.

Many of our Fortune 500 customers operate internal networks and data centers that include thousands, sometimes tens of thousands, of servers. Covering such massive back-end server volumes imposes a heavy cost - in licenses, manual work, and maintenance commitments.

Deploying 2-factor authentication in corporate server volumes may be prohibitely expensive. An approach that offers equal security with considerably reduced cost is required.

Easy Entry into 2FA - CryptoAuditor at Firewall

Using a solution such as CryptoAuditor at a network chokepoint (firewall or a gateway router) allows cost-effective and secure way to add 2 factor authentication in large server farms. Integration to CryptoAuditor is easy, and reduces the number of requires 2FA agents to one. This method provides benefits such as:

  • Ease of integration - there is a single integration point for the two-factor authentication solution
  • Multiple 2FA scheme support - CryptoAuditor can be integrated with a number of different solutions in parallel
  • Reduced maintenance cost - amount of maintained nodes is reduced to one
  • Improved server security - in addition to the added security provided by two-factor authentication, the server accounts' actual login credentials are not disclosed to end-users. This allows safe use of shared accounts.
  • Auditability - CryptoAuditor allows monitoring of the sessions to the servers, both in real-time as via recorded sessions.

CryptoAuditor is available for free evaluation at our online demonstration environment.

For more information on CryptoAuditor, see product pages here.


Highlights from the SSH.COM blog:

  • Cryptomining with the SSH protocol: what big enterprises need to know about it

    Cryptomining malware is primarily thought of as targeting desktops and laptops and is used to hijack system resources to mine cryptocurrency.
    Read more
  • SLAM the door shut on traditional privileged access management

    Did you know that something as trivial-sounding as granting access for your developers or third parties to a product development environment can throw a gorilla-sized monkey wrench into your operations and productivity?
    Read more
  • We broke the IT security perimeter

    Everyone understands the concept of a security perimeter. You only gain access if you are identified and authorized to do so.
    Read more