Digipass Plug-In for IAS Product Guide - Vasco

More documents

Recommendations

Info

Digipass Plug-In for IAS Product Guide Digipass 2.5.1.1 Self-Assignment A Digipass may be assigned to a User by their own action. The User must log in and include the serial number, Windows static password and One Time Password. This informs the IAS Plug-In of the assignment, and provided that the User enters the details correctly, a link will be made between the Digipass record and the User account. A grace period is not used for this method. 2.5.1.2 Auto-Assignment The IAS Plug-In can automatically assign an available Digipass when a Digipass User account is created using Dynamic User Registration (DUR). The correct Digipass must then be delivered to the User. A grace period is typically set, which allows a number of days in which the User may still log in using only their static password. 2.5.1.3 Manual Assignment A selected Digipass is manually assigned to a specific Digipass User account. The Digipass must then be sent out to the User. A grace period is typically set, during which the User may still log in using only their static password. 2.6 Security Levels The following will affect the security level of your setup for the IAS Plug-In: Using the Windows Static Password instead of a Server PIN You can configure the authentication process so that a User is required to use their Windows static password in place of a Server PIN when logging on through a remote access server. This is a valid two-factor authentication combination, but it is important to consider the security of the machines from which the User will log in. If there is a risk of key logging for example, it would still not be possible for the hacker to log in, but they would have captured the Windows static password of the User. If a PIN was used, they would only have captured the PIN. This has to be balanced against the need for a User to learn and remember an additional item, the Server PIN. © 2005 VASCO Data Security Inc. 38
Digipass Plug-In for IAS Product Guide Digipass 2.7 Virtual Digipass Implementation Considerations 2.7.1 Digipass Assignment Options With the introduction of Virtual Digipass, there are several different assignment combinations that can be used. The first option in the table below does not utilize Virtual Digipass. The others include a Virtual Digipass in either a backup or primary mode. Primary Backup Digipass None User must log in using a Digipass. Digipass Backup Virtual Digipass Digipass (temporarily disallowed) Primary Virtual Digipass Table 4: Digipass Options 2.7.2 Cost Backup Virtual Digipass User usually logs in using a Digipass, but may utilize the Backup Virtual Digipass feature where required. Usage of the feature may be limited. User must log in using the Backup Virtual Digipass feature. This might be used while a User’s Digipass is lost, until the Digipass is recovered. N/A User is assigned a Virtual Digipass and must log in using it. Your company will probably need to pay an amount for each text message sent. In some countries, mobile phone owners might need to pay an amount for each text message received on their mobile phone. This will need to be taken into consideration when deciding how to implement Virtual Digipass functionality. 2.7.3 Security Hardware Digipass devices provide the highest level of security. Virtual Digipass provides a lower, although still high, level of security. This needs to be weighed against other considerations before deciding whether your company will implement Virtual Digipass, and if so, how it will be implemented. 2.7.4 Convenience Virtual Digipass is more convenient than a hardware Digipass for many Users. Only one’s usual mobile phone is required: there are no extra devices to carry around. Users who do not habitually carry their mobile phone with them, though, are likely to find a GO 3 or GO 1 easier to transport. For Users with the Backup Virtual Digipass enabled, it might be the difference between going to work to pick up a forgotten Digipass and getting important work done at home. 2.7.5 Gateway and account Your company will need the use of an text message gateway and an account with the gateway. The Message Delivery Component will need configuration information for the gateway and the Username and static password for the account. Your VASCO supplier can assist with this process. © 2005 VASCO Data Security Inc. 39
Page 1 and 2: Digipass Plug-In for IAS IAS Plug-I
Page 3 and 4: Digipass Plug-In for IAS Product Gu
Page 37: Digipass Plug-In for IAS Product Gu
Page 73: Digipass Plug-In for IAS Product Gu

Digipass Plug-In for IAS Product Guide - Vasco

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?