Password authentication is based on a single authentication factor: the password itself.
Multi-factor authentication is based on several factors - usually 2 - that significantly increase the difficulty of stealing a user's identity.
Some MFA solutions generate a one-time password (OTP), valid for only one session. If a hacker were to gain access to this password, he couldn't reuse it anyway!
The most common authentication factor combinations are the following:
The form factor - the nature of the device that users carry with them - has many implications, the most important being the level of security and the user's convenience.
More than ever, data is threatened by attacks or identity theft. Identity protection has, therefore, become critical and requires authentication solutions that meet the challenges of data security.
Passwords are no longer sufficient, unless you choose a (too) heavy password policy (frequent changes, passwords too complex for users to remember, etc.).
Until now, strong authentication (multi-factor authentication, or MFA) was more secure, but required to equip users with hardware tokens. This implied significant delays, high costs and constraints for users.
Therefore, organizations had to choose between security and ease of use, taking into account risks, security, user constraints, management burden and, of course, costs.
This is why strong authentication was often limited to situations where the risks were high enough to justify its drawbacks.
Alternatives to hardware tokens now exist, and Visual Guard integrates the only solution that combines a high level of security and extreme simplicity for the user.
At the other end of the comfort spectrum, VG's strong authentication is based on trusted devices and eliminates unnecessary and tedious operations:
It is also a flexible solution that allows the user to authenticate with different devices, depending on what is most convenient for him.
Find more information about possible authentication scenarios on this page.
By removing hardware tokens, you also eliminate all costs associated with purchasing hardware, distributing tokens to users and replacing broken or lost tokens.
Visual Guard's strong authentication provides a secure and scalable registration and revocation process. Many use cases do not even require any installation on the user's device.
This solution raises the level of security:
If anyone wishes to access your account:
Several authentication methods are available:
The methods listed above cover most use cases.
They can be used in very flexible ways:
More details on authentication methods on this page.
If the user has several trusted devices, he only needs one PIN code:
The PIN code is often used as a second authentication factor, in addition to the possession factor (what you have).
Instead of a PIN code, users can use biometry if it is available on their device (fingerprint reading for example).
More information on biometric identification on this page.
To ensure that the authentication service is always available, it relies on several independent server infrastructures, distributed in certified, fully redundant data centers, and managed by different providers.
The loss of connectivity of all but one server infrastructure would have zero impact on the availability of the authentication service.
This architecture has achieved 100% service availability over the past 5 years. Even Gmail and AWS have lower availability rates.
The implementation and design of this solution, as well as the use of patented algorithms, guarantee a very high level of security, both on the client and server sides.
In addition, these authentication algorithms are executed within security servers (Hardware Security Modules, HSM) protecting against attacks and abuses.
Thus our users have full control over the entire chain of trust.