Centrify has announced enhancements to Centrify MFA (Multi-Factor Authentication). The announcement focussed on two specific areas of improvement; new platforms and new authentication factors.
Bill Mann, chief product officer of Centrify said: “Centrify is committed to protecting businesses against cyberattacks that target both end users and privileged IT users. We are extending our MFA capabilities to Windows to better secure end users and their devices. For privileged IT users, we’ve added additional server operating systems, as well as enforcing MFA when remote sessions are initiated, and on privileged password checkout. Our integrated MFA capabilities clearly differentiate our solution from the competition when it comes to securing access across today’s hybrid infrastructure and apps environment.”
The benefits of multi factor authentication
Companies looking to secure their systems are more frequently turning to multi-factor or two factor authentication. Passwords are notoriously weak as users prefer something easy to remember over something secure. They can be easily cracked and data files containing password lists are frequently sold on the darknet. Even when their passwords are compromised, users are reluctant to change them. A recent Centrify report revealed that when asked to change their passwords less than 66% actually did so. In the US that number is 53%.
Centrify has expanded their solution by making it available on Windows and Unix servers. There is also extended server support for MFA at login to Unix systems running IBM AIX, HP-UX and Oracle Solaris. Centrify is also supporting laptops and desktops running the Windows operating system. While desktop’s may seem secure to many they are not. It is easy to access applications and websites from the desktop because passwords are either cached in memory or left on post-it notes attached to screens.
While Unix systems are often fairly secure, the weakest link is still the password. Bringing their solution to the platform will see Centrify offer a solution in a market that not many others cover. One company that does so is Duo but Centrify offers more authentication factors. That list was also added to in this latest release.
Additional authentication factors
The Centrify solution does not just support the legacy token-based authentication solutions such as RSA with its support for Radius servers. They have also added support for several other methods. These include voice calls, email, SMS, mobile authenticator, OATH-based OTP, Yubikeys and/or Smart Cards.
Smart Card login is new. Centrify has added support for them into the Centrify Identity Service and Centrify Privilege Service portals. In addition, derived credentials on mobile devices are now supported. The term derived credentials, refers to cryptographic credentials stored on a mobile devices that are derived from the Personal Identity Verification (PIV) card or Common Access Card (CAC). This allows users to use their mobile phone rather than a card for things such as payments, and in this case authentication.
Conclusion
These latest improvements to the Centrify platform provide benefits for both business and end users. For the enterprise they are now able to extend MFA to more of their solutions simply. In doing this the challenge is to avoid alienating users by making it harder for them to login. In ensuring that they use more of the latest MFA factors available.
Centrify are hoping to make sure that their solution is attractive to the end user. Introducing additional security levels that are onerous can lead to even worse security breaches as users look to work around the problem. The point of MFA is not to inhibit use of the systems, it is to ensure that their use is compliant. Thus avoiding the fines that authorities now have the legal right to levy.
