DUGDALE DIGITAL
SOLUTIONS
2FA - FAQ
1.
What is 2FA?
2FA
stands for “second factor
authentication”. It
provides an
additional layer of security at log in to a PC, mobile or tablet or
when
accessing a specific web site or area of a network.
The most obvious example is online banking to
gain entry to your personal bank details and account.
2.
What does it do?
The
user will have a 2FA card,
fob, dongle or memory-type stick (or a smart phone – see below). On logging onto the
particular area of a
network (or when first logging onto an internet-connected device), the
user
traditionally (what you currently do) will be asked to input a user
name and a
password (“first factor authentication”) followed by a request to input
numbers
generated randomly by the 2FA card (it can also ask for a PIN number
initially
before generating the random numbers which change every 30 seconds). If the numbers are
accepted, the user can
access the network.
3.
What is the point of it?
The
use of 2FA provides an extra
layer of access security, thereby making the network much more
difficult to
hack into or access by unauthorised users.
This becomes increasingly relevant as personal and work
activities are
increasingly being conducted through the same internet-connected
devices.
4.
Why is 2FA more secure?
The
2FA card cannot be hacked
because it isn’t connected to the internet at any time and operates
from
outside the internet-connected device.
Essentially, logging in then relies on something you know
(your user
name and password – usually quite easily hackable: 1FA) and something
unique
that you have (the 2FA card or fob which isn’t hackable because it
stands
alone, permanently offline).
5.
Is 2FA just another “flavour of the month”?
No. News of Big Company
security breaches and
data hacking now makes TV headlines and the front pages of national
newspapers. What
very few people currently
know is that having a 2FA solution is now necessary for PCI DSS
compliance and
is also required for ISO 27001 certification since January 2016. Data compliance companies
are increasingly
recommending some form of 2FA protection for all networks.
6.
How does the 2FA device work?
The
2FA will be configured to
respond only to the parameters programmed into it which will be unique
to every
different individual. Each
card or fob
will have its own unique serial number and this is allocated to the
specific
end user. If
someone stole your 2FA
card, they could only access your network if they knew your login name
and
password. 1FA and
2FA work together to
enhance security and reduce significantly the likelihood of
unauthorised
access.
7.
Can’t 2FA be applied through a smart phone?
Yes
it can and in some quarters
is seen as the logical and obvious successor to cards, fobs and dongles. Dugdale Digital Solutions
can supply this
technology but warns that it is not secure – mobile phones can be
hacked
relatively easily; to use the 2FA function relies on there being
consistent
network reception and coverage (not always the case in the UK) and, of
course
phones are often broken or lost: 32,000 company smart phones were left
in bars
in the UK in 2014 alone! A
2FA card is
exactly the same size as a credit card, designed to fit into a wallet
or bag
and, of course, if the card is lost, it cannot be used by anyone else.
8.
How is 2FA supported?
Large
organisations may want to
enable the 2FA cards themselves (putting them through a software
routine to
allocate each card uniquely to the specific end user) which then
requires
hosting themselves. Alternatively,
for
smaller companies (especially SMEs), Dugdale Digital Solutions can
organise the
enabling of the cards and host them on behalf of the individual
company, also
providing full support services.
9.
Can the 2FA device be branded and/or
personalised?
Yes. Dugdale Digital Solutions
will overprint the
cards with your brand name, logo and any short text (such as address,
telephone
details and web URL) and can also add individual users’ names and
photographs. This
adds less than 50p per
unit to the price.
10.
What does 2FA cost?
Depending
upon the type and
volumes of device required, individual 2FA cards are sold between £8
and £12
excluding VAT. Hosting
and support comes
in around £1.80 per user per calendar quarter (60p/month).
11.
What is the minimum quantity per order?
Dugdale
Digital Solutions is
working on a solution for SMEs (ready in July 2016) that means we can
deliver
any quantity (although there are unit cost benefits for larger orders).
12.
How reliable are the 2FA devices and what
is their shelf life?
Faulty
or non-functioning devices
are well below 1% of any given batch.
In
the event of a device not working or ceasing to function for any reason
in the
first 12 months of use, Dugdale Digital Solutions will replace it free
of
charge and within 3 days of the problem being reported.
The battery life of the device depends upon
how often it is used, but we estimate that this is very rarely less
than three years
and could be as long as five.
13.
What is the lead time from order to
delivery?
If
all components are in stock,
the lead time for the basic card is around 4 to 6 weeks. If the cards are to be
delivered enabled and
hosted by Dugdale Digital Solutions, allow another 2 weeks; for
individual
personalisation, allow an additional 1 week.
14.
Why should I use Dugdale Digital Solutions?
We have a proven track record of successful supply of 2FA cards into a large government agency (reference available); we have researched the market thoroughly and know all the manufacturers, together with each’s technical capabilities and suitability for particular clients’ needs. Our team are experienced and successful businesses people dedicated to great customer service and delivering the most suitable product at very competitive prices. We are constantly pushing our manufacturers to the edge of the latest technical developments and creating platforms that will improve security coupled with ease of use for our customers. We are accredited by the UK Government to promote and sell 2FA technology to government departments, agencies and local government as part of the online G-Cloud catalogue.
Dugdale Digital secures order for 87,000 2FA tokens from a government agency.
E.mail: info@dugdaledigital.com
Phone: 07785 346935