IBM i MFA and Password Self-Service: A winning combination
Implementing IBM i Multi-Factor Authentication (MFA) and Password Self-Service (PSS) as an integrated solution allows companies to enjoy the cost savings of automation, while enhancing IBM i security and addressing compliance requirements at the same time. On the surface, IBM i MFA, Password Self-Service and 2FA software solutions already have a lot in common. If you are thinking of implementing IBM i MFA, 2FA or Password Self-Service, you may want to consider implementing them together to gain both the cost savings and security benefits.
When buying any IBM i MFA (Multi-Factor Authentication), 2FA (Two-Factor Authentication) or PSS (Password Self-Service) software solution, it is important to note that most compliance regulations require a single-step authentication process, as multi-step authentication has been proven to be insecure. IBM i MFA, 2FA and PSS solutions either use authentication factors or require answers to security questions, and validate them in either a single-step or a multi-step process. In a multi-step authentication process, the user completes one validation successfully and is then presented with a new screen for the next authentication factor or question. This security flaw allows a hacker to confirm a user's security screening information. Single-step authentication performs the entire validation process from one screen, which prevents the hacker from confirming which factor or answer failed.
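The difference described above, sketched in Python as an added example (not code from any IBM i MFA or PSS product). The user store, the `DEMOUSER` profile, the salt and the function names are all constructed for illustration; the second factor is assumed to be an RFC 6238 time-based code.

```python
import hashlib, hmac, struct

# Constructed sample data (not from the page): one user with a password hash and a TOTP key.
SALT = b"constructed-salt"

def pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

USERS = {"DEMOUSER": {"pw": pw_hash("correct horse"), "key": b"constructed-totp-key"}}
DUMMY = {"pw": pw_hash("never-matches"), "key": b"dummy-key"}  # stand-in for unknown users

def totp(key, at, step=30, digits=6):
    """RFC 6238 time-based code (HMAC-SHA1) for the Unix time `at`."""
    mac = hmac.new(key, struct.pack(">Q", int(at) // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    val = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(val % 10 ** digits).zfill(digits)

def multi_step(user, password, code, now):
    """Multi-step flow: each stage replies on its own, revealing which check failed."""
    rec = USERS.get(user)
    if rec is None:
        return "unknown user"
    if not hmac.compare_digest(rec["pw"], pw_hash(password)):
        return "bad password"          # caller now knows the user name is valid
    if not hmac.compare_digest(totp(rec["key"], now).encode(), code.encode()):
        return "bad code"              # caller now knows the password is valid
    return "ok"

def single_step(user, password, code, now):
    """Single-step flow: every factor is evaluated, then one combined answer is given."""
    rec = USERS.get(user, DUMMY)       # unknown users still run all the checks
    pw_ok = hmac.compare_digest(rec["pw"], pw_hash(password))
    code_ok = hmac.compare_digest(totp(rec["key"], now).encode(), code.encode())
    return "ok" if (user in USERS and pw_ok and code_ok) else "sign-on failed"
```

With `single_step`, a wrong user name, a wrong password and a wrong code are indistinguishable to the caller, so a failed attempt confirms nothing about the other values submitted.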
IT departments planning MFA, 2FA and PSS solutions should also be aware of the security vulnerabilities of SMS-based text and link resets for users, as these have been successfully hacked and such attacks have been commonly reported in the news recently. Most security experts now recommend using an app for verification or to generate codes and tokens.
MFA and 2FA Common Use Cases
Compliance is the primary reason companies are implementing MFA and 2FA. However, multi-factor authentication provides many other benefits. Companies that have strengthened password policies for various reasons will likely also find that Help Desk calls have risen significantly. Although complex passwords serve a purpose, they can be counterproductive and have unintended consequences. The worst one: people storing passwords in a file on their computer or the network. In this one example alone, implementing MFA or 2FA provides a clear solution.
Password policies used in the past have proven to be insufficient. On any given day, you can read about the latest story or stories where security breaches were caused by weak passwords or by passwords that were carelessly stored insecurely. Multi-Factor Authentication (MFA) is the best way to protect against hackers and internal threats trying to gain access to sensitive data. The IBM i MFA solution provides a very robust and flexible iSeries multi-factor authentication solution that uses single-step authentication, delivers user profile self-service features for password resets and profile enablement, and can be deployed in many different ways to address customer-specific use cases for compliance and convenience.
PSS Common Use Cases
Password Self-Service tools are designed to streamline password management through automation, removing the burden from the Help Desk. Many PSS solutions serve a single purpose or only a narrow range of business services and applications, whereas some PSS software is far-reaching, capable of being integrated into every nook and cranny of the IT infrastructure. In simple environments, or companies without an IBM i, these PSS tools may provide a cost-effective solution. However, even many medium and large companies will typically exclude their primary business applications running on an IBM i. Enforcive Password Self-Service (PSS) streamlines password management into a secure and autonomous process for almost any platform, including IBM i, Windows, Linux, AIX, and Open LDAP.
Whether you choose to implement the security features provided by MFA and 2FA solutions or simply automate help desk tasks, your most important step will be to align all project requirements with the IBM i MFA or PSS software solution capabilities:
- Does it support IBM i green screen sign-on?
- Does it integrate with other IBM i applications, web applications, processes and services?
- Does it have the flexibility to be used in role-based scenarios, such as by Group Profile, Special Authorities, IP Address, Device Type, Date/Time Range and other scenarios which may apply to project objectives?
- Can it integrate into other security controls and policies, such as exit programs, profile swapping “elevated authority” rules and IBM i System Auditing “QAUDJRN”?
- Does the requirement definition mean multi-factor authentication, or will two-factor authentication suffice?
- Does the validation process involve single-step authentication or multi-step?
- Does the requirement include “four eyes principle” for supervision of sensitive tasks?
- Does it integrate with other platforms, AD or Open LDAP?
- Does it meet compliance requirements?
Please contact to discuss your requirements, watch a demonstration, download and install for POC or to get pricing.