The Problem with Standard Passwords.
Proper security protocol dictates a rigorous password regimen, which imposes a policy of difficult passwords on each end user. Passwords should be difficult to guess, have both alpha and numeric characters, and be changed on a regular basis. Furthermore, passwords should never be written down or shared. Proper password policy prevents the occurrence of illegal access through stolen passwords in most cases, but in reality, it is hard to enforce. End users want the easiest path, and tend to be resistant to difficult passwords. They create passwords that are easy to remember. They write them down. They share them with their co-workers. This defeats the whole purpose of the password security policy.
Using a password alone, or single-factor authentication, is adequate in light security environments where data is not sensitive. But when there is a more stringent need for protection, two factors must be used. The most efficient second factor is a one-time password, which not only serves as a second authentication factor but also mitigates some of the drawbacks of the memorized password. Because it is used only one time, a one-time password that is stolen, keylogged or sniffed cannot be used again.
Tokenless Solution.
There is no question that two-factor authentication should be the solution of choice for remote environments requiring high levels of security. By definition, two-factor authentication requires two separate authenticators. SonicWALL's One-Time Password (OTP) solution calls for a standard network password, and a one-time password generated by the server. Some other two-factor authentication solutions use a network password and a physical hardware token that generates the one-time password. The disadvantage to the hardware approach is that the tokens present an additional expense, may need to be replaced periodically, and can easily get lost. SonicWALL's software approach gives you strong two-factor authentication, without the high costs associated with hardware tokens.
One-Time Passwords.
One of the most important features of the SonicWALL SSL VPN is one-time passwords (OTP). This feature provides an enhanced level of user authentication, and is especially useful in protecting against the threats caused by keylogger programs. The OTP feature, a variation of two-factor authentication, generates a one-time password, which the user enters along with their username and standard network password. Because the SSL VPN appliance generates a new password for every login, even if that password is stolen, keylogged or sniffed, it would be useless to the attacker. The one-time password is entered into the Virtual Office login interface.
How Does the User Get the One-Time Password?
After the user enters their regular user name and password, the SSL VPN appliance dynamically generates a one-time password. The user receives an e-mail at a predefined personal e-mail address, or a text message on a mobile phone, containing the temporary one-time password generated by the SSL VPN appliance. No additional hardware token or card is required.
SSL VPN Standard Feature Set.
Two-factor authentication typically comes with a separate solution, which is separately installed and costs extra. With SonicWALL SSL VPN, the tokenless two-factor authentication capability comes included as a standard part of the feature set with all SonicWALL SSL VPN appliances.





