Helping employees work from home

  brooklynkumar 02:12 14 Oct 2008
Locked

Trying to set up employees to work from home sometimes through a remote access vpn (cisco). Happy with the security of the system but not particularly comfortable with the security habits of employees, so want to establish 2-factor authentication, hopefully using a solution that utilizes a wired or wireless phone as the "what you have" factor. Does anyone have experience with solutions like this, and would your recommend one or another?

  setecio 10:38 14 Oct 2008

Do you mean that when they try to log in a message gets sent to their mobile phone which they have to reply to in order to authenticate as a second factor ?

  Forum Editor 17:42 14 Oct 2008

called Authetisec

click here

Which can do the job via mobile phones. One of the problems associated with using SMS as the second factor solution is latency on the mobile networks. Newer technologies get around this by using a Java ME client that's resident on the mobile as the 'what you have' token. The user simply presses a key to respond, and the phone does the rest.

It means that you have to have Java enabled mobiles, but it's a better system, and doesn't incur the extra charges that would be incurred with SMS.

  bradyglinka 05:04 20 Oct 2008

I think the voice channel is the best one. If anything is engineered to be reliable--both cell and wireline--it is voice networks. Some solutions work both on wireline and wireless phones, and allow for adjustment from line to line and even country to country, if needed.

  brooklynkumar 02:12 31 Oct 2008

Hi there, good insights all. I've come across PhoneFactor (click here, which uses the voice channel and seems like what I'm looking for for vpn authentication. Anyone have experience with this solution? Looks good but would love some real world feedback.

  bradfelcher 04:13 31 Oct 2008

Yes why would want to restrict it to Java enabled phones?

I've used PhoneFactor in my business for ssl vpn security. It's worked great, enabling near-ubiquitous 2-factor authentication without deployment of hardware or client-side software.

IT love stuff like that.

  brooklynkumar 03:31 09 Nov 2008

Hey guys, thanks for the help. I've set up a test system for PhoneFactor, it seems to be doing what I need it to do. There have been some good free versions so that I can learn what I need to on a small scale. We're about ready to roll it out for a vpn security solution.

  bradfelcher 23:27 09 Nov 2008

"Hey guys, thanks for the help. I've set up a test system for PhoneFactor, it seems to be doing what I need it to do. There have been some good free versions so that I can learn what I need to on a small scale. We're about ready to roll it out for a vpn security solution."

Good to hear, I think its way better than Authetisec

What do the rest of you think?

  setecio 21:39 18 Nov 2008

Does PhoneFactor work in the UK ?

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Xiaomi Mi Mix 2 review

What went wrong at the Designs of the Year 2017

iPhone X news: Release date, price, new features & specs

Comment utiliser Live Photos ?