
How to choose a suitable dynamic password two-factor authentication scheme for VPN

The VPN device is configured for third-party (RADIUS) authentication and pointed at the DKEY dynamic password authentication server, which has a built-in RADIUS server. When a user dials in through the VPN, the account and static password are checked first; once that passes, the user obtains a dynamic password (generated by a token or received by SMS) and submits it for secondary authentication, and only after that second check passes is the connection allowed.

Scheme 1: SMS authentication

This VPN two-factor scheme delivers the dynamic password by SMS; the IT administrator binds a mobile phone number to each VPN user.

The SMS password service sends a text message containing a random one-time password to the user's mobile phone. Users normally carry their phones anyway, so nothing extra has to be carried or installed, which makes this a two-factor scheme that balances security and convenience.

1.1 Authentication process

VPN combined with DKEY SMS password authentication. VPN accounts are typically hosted in AD/LDAP. After the domain account authentication succeeds, the authentication server generates a random one-time password and sends it to the user's mobile phone through the SMS gateway. The user completes authentication only after entering that password in the secondary authentication box and submitting it for verification.

Because both the domain account and the dynamic password are checked, a leaked static password alone is not enough to log in.

The process of user login authentication is as follows:

1. The user enters the account and static password on the login page provided by the network access device (the VPN dial-up client or Web portal);

[Screenshot: Web login page on a PC]

2. The VPN submits the account and the password (obfuscated as the RADIUS protocol requires) to the RADIUS dynamic SMS authentication system. If the static password is correct, the system tells the VPN to pop up a secondary authentication page (an Access-Challenge, in RADIUS terms) and sends a text message containing the dynamic password to the user's mobile phone;

[Screenshot: secondary authentication page on a PC]

3. After receiving the text message, the user enters the dynamic password on the secondary authentication page. On submission the VPN passes it to the RADIUS system over the RADIUS protocol for the second check, and the connection is allowed only if that check passes.
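The three-step exchange above, as an added example in Python that is not the page's or DKEY's code: it models both sides, the VPN device (RADIUS client) and a toy dynamic-password RADIUS server, using real RFC 2865 packet encoding, User-Password obfuscation, the Access-Challenge/State round trip and Response Authenticator checking. The shared secret, user "alice", her password and the in-memory "SMS gateway" are constructed for the example; how DKEY generates or delivers codes is not stated on the page, so the server here just draws a random 6-digit code.

```python
import hashlib
import hmac
import os
import secrets
import struct

# Constructed values for the example (not real credentials): the RADIUS shared
# secret between the VPN device and the server, and one user whose static
# password would normally be checked against AD/LDAP.
SHARED_SECRET = b"constructed-shared-secret"
USERS = {"alice": b"Password1!"}

# RADIUS codes and attribute types used below (RFC 2865).
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11
USER_NAME, USER_PASSWORD, REPLY_MESSAGE, STATE = 1, 2, 18, 24


def encode(code, ident, authenticator, attrs):
    """Header (Code, Identifier, Length, Authenticator) followed by TLV attributes."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body


def decode(pkt):
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    attrs, pos = [], 20
    while pos < length:
        t, l = struct.unpack("!BB", pkt[pos:pos + 2])
        attrs.append((t, pkt[pos + 2:pos + l]))
        pos += l
    return code, ident, pkt[4:20], attrs


def hide_password(password, secret, request_auth):
    """RFC 2865 5.2: pad to 16-byte blocks, XOR each block with MD5(secret + previous
    block), chained from the Request Authenticator. This is obfuscation, not
    encryption, so the VPN-to-RADIUS path still needs to be a trusted network."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], mask))
        out += prev
    return out


def reveal_password(hidden, secret, request_auth):
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def sign_response(code, ident, request_auth, attrs, secret):
    """Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    draft = encode(code, ident, request_auth, attrs)
    return encode(code, ident, hashlib.md5(draft + secret).digest(), attrs)


def verify_response(resp, request_auth, secret):
    """The VPN side must check this before trusting an Access-Accept."""
    expected = hashlib.md5(resp[:4] + request_auth + resp[20:] + secret).digest()
    return hmac.compare_digest(expected, resp[4:20])


class OtpRadiusServer:
    """Toy stand-in for the dynamic-password RADIUS server (assumed behaviour, not
    DKEY's code). Step 1 checks the static password and answers Access-Challenge
    with a State; step 2 checks the one-time code bound to that State."""

    def __init__(self, secret=SHARED_SECRET):
        self.secret = secret
        self.pending = {}   # State -> (username, expected code)
        self.sms_out = []   # (username, code) handed to the "SMS gateway"

    def handle(self, pkt):
        code, ident, req_auth, attrs = decode(pkt)
        a = dict(attrs)
        user = a[USER_NAME].decode()
        supplied = reveal_password(a.get(USER_PASSWORD, b""), self.secret, req_auth)
        if STATE in a:  # second step: the challenge is consumed whether or not it passes
            pending_user, otp = self.pending.pop(a[STATE], (None, None))
            ok = pending_user == user and hmac.compare_digest(supplied, otp)
            return sign_response(ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, req_auth, [], self.secret)
        if not hmac.compare_digest(USERS.get(user, b""), supplied):  # first step
            return sign_response(ACCESS_REJECT, ident, req_auth, [], self.secret)
        otp = f"{secrets.randbelow(10 ** 6):06d}".encode()
        state = os.urandom(16)
        self.pending[state] = (user, otp)
        self.sms_out.append((user, otp))
        return sign_response(ACCESS_CHALLENGE, ident, req_auth,
                             [(REPLY_MESSAGE, b"Enter the code sent by SMS"), (STATE, state)],
                             self.secret)


def vpn_login(server, username, password, read_code):
    """VPN device side. read_code(username) models the user typing the received code."""
    def send(ident, attrs):
        req_auth = os.urandom(16)
        attrs = [(USER_NAME, username.encode())] + [
            (t, hide_password(v, server.secret, req_auth) if t == USER_PASSWORD else v)
            for t, v in attrs]
        resp = server.handle(encode(ACCESS_REQUEST, ident, req_auth, attrs))
        if not verify_response(resp, req_auth, server.secret):
            raise ValueError("bad Response Authenticator: reply is not from our RADIUS server")
        return decode(resp)

    code, _, _, attrs = send(1, [(USER_PASSWORD, password)])
    if code != ACCESS_CHALLENGE:
        return False
    state = dict(attrs)[STATE]
    code, _, _, _ = send(2, [(USER_PASSWORD, read_code(username)), (STATE, state)])
    return code == ACCESS_ACCEPT
```

Two details worth copying into a real deployment: the server sends no SMS until the static password has been verified (otherwise anyone who knows a username can make the gateway send codes at the company's expense), and a wrong code consumes the challenge so the same State cannot be retried indefinitely.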

1.2 Advantages and disadvantages

Advantages:

(1) No additional device to carry.

(2) Secure and convenient

(3) Low management cost

(4) Suitable for mobile users who log in infrequently.

(5) Audit records can be tied to the user's mobile phone number.

(6) Nothing wears out, so there is no authentication terminal to replace.

Disadvantages:

(1) SMS delivery may be delayed or the message may be lost.

(2) It cannot be used when the phone has no credit or no signal (for example while travelling abroad).

(3) The SMS channel itself can be attacked (SIM swapping, malware on the phone, interception in the carrier network), so SMS codes are generally regarded as the weakest of the three options described here and are a poor fit where the VPN protects high-value systems.

Scheme 2: Dynamic Token

This VPN two-factor scheme is based on a hardware token; the IT administrator assigns a token to each VPN user. When logging in, the user enters the static password followed by the 6-digit code currently displayed on the token. This is the most widely used strong authentication scheme at present.

A dynamic token is a hardware one-time password generator; the mainstream type is time-based. The displayed code changes every 60 seconds, and each code can be accepted only once. Because the code is generated independently of the user's terminal, the same token works whether the user logs in from a laptop, smartphone or tablet.

Its main advantages are fast authentication response and the physical isolation of the one-time code from the user's device. The drawback is that users must carry an extra piece of hardware; a mobile user who forgets or loses the token cannot authenticate.

2.1 Authentication process

There are two ways:

(1) The same two-step process as SMS authentication above, with the token code entered at the second step instead of the SMS code.

(2) Single-step authentication: the user types the static password and the token code together in one password field, and the server splits the field and checks both factors.

2.2 Advantages and disadvantages

Advantages:

(1) Easy to use

(2) High security

(3) Fast response (no dependency on an SMS channel)

(4) Highly reliable authentication

(5) Suitable for users who log in frequently.

Disadvantages:

(1) Limited token life cycle: a token has to be replaced after 3 years.

(2) Tokens have to be shipped, issued and tracked, so the management cost is higher.

Scheme 3: SMS password+dynamic token mixed authentication

This VPN two-factor scheme mixes hardware tokens and SMS passwords, drawing on the characteristics of both. A single VPN user can be bound to SMS and token authentication at the same time, and it is equally easy to assign only SMS or only a token to different users, so the two-factor needs of different user groups can all be met.

An increasing number of VPN deployments use this method for two-factor authentication.

3.1 Authentication process

The same two-step process as SMS authentication in 1.1; at the second step the user enters whichever dynamic password the account is bound to, the SMS code or the token code.

3.2 Advantages and disadvantages

Advantages:

(1) Combines the advantages of SMS passwords and dynamic tokens.

(2) High reliability: when one method is unavailable (no signal, forgotten token), the other can still be used.

(3) The authentication method can be chosen to match each user's usage scenario.

Disadvantages:

(1) The administrator has to manage two kinds of authentication terminal (tokens and phone number bindings).