Identity and privileged identity management technology developer Centrify has announced an initiative to promote the use of multi-factor authentication (MFA) throughout enterprises, supplementing or even replacing password-based security altogether.
It’s the right time to push MFA
The sheer number and scale of security breaches are mushrooming, with announcements by companies and government organizations now a daily occurrence. In unveiling its MFA Everywhere initiative at the beginning of March, Centrify caught a tailwind from President Obama’s New York Times editorial the previous month, exhorting Americans to “move beyond passwords – adding an extra layer of security like a fingerprint or codes sent to your cellphone”, adopting two-factor authentication for online safety. Obama also issued an executive order creating a Federal Privacy Council, an interagency forum to improve privacy practices in government agencies and entities acting on their behalf.
Centrify’s initiative is evidently timely. The insecure nature of passwords is a longstanding issue. Clearly this move is designed to promote Centrify’s technology (it builds MFA support into its core platform, underpinning its Identity Service, its Privilege Service, and its Server Suite). The latest additions in this context are support for the Initiative for Open Authentication (OATH), an industry-wide collaboration to create a reference architecture to encourage strong authentication by using open standards, and a gateway for the Remote Authentication Dial-In User Service (RADIUS) networking protocol, providing centralized authentication, authorization, and accounting.
OATH support means that most security tokens will now work with Centrify technology, while the RADIUS gateway enables MFA for VPNs and on-premise applications such as SAP. Meanwhile, tokens such as RSA that that are not OATH-compliant will be supported later this year when Centrify adds a RADIUS-based client feature.
Rik Turner, Senior Analyst, Infrastructure Solutions