Dugdale Digital Solutions

DUGDALE DIGITAL SOLUTIONS

2FA - FAQ

 

1.     What is 2FA?

2FA stands for “second factor authentication”.  It provides an additional layer of security at log in to a PC, mobile or tablet or when accessing a specific web site or area of a network.  The most obvious example is online banking to gain entry to your personal bank details and account.

2.     What does it do?

The user will have a 2FA card, fob, dongle or memory-type stick (or a smart phone – see below).  On logging onto the particular area of a network (or when first logging onto an internet-connected device), the user traditionally (what you currently do) will be asked to input a user name and a password (“first factor authentication”) followed by a request to input numbers generated randomly by the 2FA card (it can also ask for a PIN number initially before generating the random numbers which change every 30 seconds).  If the numbers are accepted, the user can access the network.

3.     What is the point of it?

The use of 2FA provides an extra layer of access security, thereby making the network much more difficult to hack into or access by unauthorised users.  This becomes increasingly relevant as personal and work activities are increasingly being conducted through the same internet-connected devices.

4.     Why is 2FA more secure?

The 2FA card cannot be hacked because it isn’t connected to the internet at any time and operates from outside the internet-connected device.  Essentially, logging in then relies on something you know (your user name and password – usually quite easily hackable: 1FA) and something unique that you have (the 2FA card or fob which isn’t hackable because it stands alone, permanently offline).

5.     Is 2FA just another “flavour of the month”?

No.  News of Big Company security breaches and data hacking now makes TV headlines and the front pages of national newspapers.  What very few people currently know is that having a 2FA solution is now necessary for PCI DSS compliance and is also required for ISO 27001 certification since January 2016.  Data compliance companies are increasingly recommending some form of 2FA protection for all networks.

6.     How does the 2FA device work?

The 2FA will be configured to respond only to the parameters programmed into it which will be unique to every different individual.  Each card or fob will have its own unique serial number and this is allocated to the specific end user.  If someone stole your 2FA card, they could only access your network if they knew your login name and password.  1FA and 2FA work together to enhance security and reduce significantly the likelihood of unauthorised access.

7.     Can’t 2FA be applied through a smart phone?

Yes it can and in some quarters is seen as the logical and obvious successor to cards, fobs and dongles.  Dugdale Digital Solutions can supply this technology but warns that it is not secure – mobile phones can be hacked relatively easily; to use the 2FA function relies on there being consistent network reception and coverage (not always the case in the UK) and, of course phones are often broken or lost: 32,000 company smart phones were left in bars in the UK in 2014 alone!  A 2FA card is exactly the same size as a credit card, designed to fit into a wallet or bag and, of course, if the card is lost, it cannot be used by anyone else.

8.     How is 2FA supported?

Large organisations may want to enable the 2FA cards themselves (putting them through a software routine to allocate each card uniquely to the specific end user) which then requires hosting themselves.  Alternatively, for smaller companies (especially SMEs), Dugdale Digital Solutions can organise the enabling of the cards and host them on behalf of the individual company, also providing full support services.

9.     Can the 2FA device be branded and/or personalised?

Yes.  Dugdale Digital Solutions will overprint the cards with your brand name, logo and any short text (such as address, telephone details and web URL) and can also add individual users’ names and photographs.  This adds less than 50p per unit to the price.

10.  What does 2FA cost?

Depending upon the type and volumes of device required, individual 2FA cards are sold between £8 and £12 excluding VAT.  Hosting and support comes in around £1.80 per user per calendar quarter (60p/month).

11.  What is the minimum quantity per order?

Dugdale Digital Solutions is working on a solution for SMEs (ready in July 2016) that means we can deliver any quantity (although there are unit cost benefits for larger orders).

12.  How reliable are the 2FA devices and what is their shelf life?

Faulty or non-functioning devices are well below 1% of any given batch.  In the event of a device not working or ceasing to function for any reason in the first 12 months of use, Dugdale Digital Solutions will replace it free of charge and within 3 days of the problem being reported.  The battery life of the device depends upon how often it is used, but we estimate that this is very rarely less than three years and could be as long as five.

13.  What is the lead time from order to delivery?

If all components are in stock, the lead time for the basic card is around 4 to 6 weeks.  If the cards are to be delivered enabled and hosted by Dugdale Digital Solutions, allow another 2 weeks; for individual personalisation, allow an additional 1 week.

14.  Why should I use Dugdale Digital Solutions?

We have a proven track record of successful supply of 2FA cards into a large government agency (reference available); we have researched the market thoroughly and know all the manufacturers, together with each’s technical capabilities and suitability for particular clients’ needs. Our team are experienced and successful businesses people dedicated to great customer service and delivering the most suitable product at very competitive prices. We are constantly pushing our manufacturers to the edge of the latest technical developments and creating platforms that will improve security coupled with ease of use for our customers. We are accredited by the UK Government to promote and sell 2FA technology to government departments, agencies and local government as part of the online G-Cloud catalogue.