To maintain a high level of security in our law firm, we needed a two-factor authentication solution for users. We looked around at different options, and finally settled on PhoneFactor. The three persuading points were ease of use to set up and manage, flexibility of the agent to create a fully redundant system, and the ability to cover access in all access scenarios. Now that we’ve implemented PhoneFactor and the users are now used to it, we realize that its benefits also include the fact that it just works. With PhoneFactor’s mobile phone capabilities, we can rest assured knowing that most users have their cell phone within arm’s reach at all times.
I, a security engineer, was able to design out the system and configure it for use with our remote access solution. Then I was able to document and define a process for the help desk to add and manage users. Users can also manage certain things about themselves via the web portal. Agents were also installed in our disaster recovery site, so if the main data center is down for whatever reason, those agents will answer the queries. Shortly, we will be putting other resources behind PhoneFactor.
One of the biggest questions we received from the user population was, “What if I don't have my phone, or I am in a place where I don't get cellular phone reception?” Well, the answer to that is simple. We taught the users how to go through the user web portal to perform a one-time bypass. We installed and configured theweb portal so users can change their phone number, add a phone number, and for one-time bypass they can answer their secret questions from there. So, users relaxed about not having access on airplanes, in remote wilderness places, or in foreign countries if they choose not to incur roaming costs.
From a support perspective, we leverage the PhoneFactor logs to troubleshoot access problems, to verify when someone connects, and to get various other details. We also get daily reports on usage that help us troubleshoot things and forecast usage in the case of a disaster or a snow day. We have three offices in theupper mid-west, so we do have snow days.
Microsoft support has been excellent, as well. We found it sufficient to get gold support. They have helped in a timely manner with questions of a theoretical nature, as well as with more practical questions, stepping us through configuring applications or other minor user problems.
In short, PhoneFactor met all of our needs. Users like it and are now used to it. Best of all, we have met the goals of having a second factor of authentication.
I'm looking at PhoneFactor for satisfying a two-factor authentication requirement for PCI. You mention in this blog that you used this for your remote access solution. Can I ask what "remote access" solution you used? I'm wondering if a VPN endpoint is just setup and then pointed to PhoneFactor as the Radius server will work. I would love to get more specifics around the VPN solution & how it ties into PhoneFactor. Thanks!