Why your VPN connections need two-factor authentication | IS Decisions
Virtual private networks (VPNs) are very popular among companies and organizations that want to give their employees remote access to their private servers. By creating secure connections between remote machines and your servers, VPNs solve some very important problems. They prevent hackers from finding and entering your servers while allowing your employees to securely access their corporate files and applications from anywhere.
Why add 2FA to VPN connections?
However, VPNs are not a perfect solution and are subject to specific security threats, such as phishing and spear phishing attacks. For example, an attacker sends a legitimate-looking email to one of your employees and invites them to log into their account via a link in the email to update their information, pay a bill, to consult his messages etc…. The hacker only has to wait for the unsuspecting employee to enter their username and password.
Once in possession of valid credentials, the attacker will be able to connect to your VPN as a legitimate user, gain full access to your network and steal information or cause other types of damage.
How two-factor authentication secures your VPN network
Two-factor authentication (2FA) prevents hackers from accessing your network using compromised credentials. 2FA requires users to validate their identity by presenting a second security factor in addition to their password. When connecting to a corporate network, users must first enter their Active Directory credentials, followed by a time-based one-time password (OTP) or HMAC. This OTP (a digital code) is displayed on something that a user “owns”, such as a specialized smartphone application called an authenticator or a programmable hardware token such as Token2 or YubiKey.
One of the key ideas behind 2FA is that it is extremely difficult to impersonate a user without having access to this second factor. This means that even if hackers manage to steal all of your employees’ usernames and passwords, they still won’t be able to access your VPN because they don’t have the 2FA code.
This is an additional layer of security against unauthorized access to your systems.
Learn More about IS Decisions
UserLock presents a 2FA solution that is both secure and easy to use. The latest version of the software has just been released, and now allows you to apply 2FA to VPN connections. UserLock integrates seamlessly with Active Directory to facilitate the implementation of multi-factor authentication across an organization.
UserLock supports MFA via authentication applications that include Google Authenticator, Microsoft Authenticator and LastPass Authenticator, or programmable hardware tokens such as YubiKey and Token2.