Advanced Authentication. No password, Single Sign On, MFA and beyond?

Updated by Jason He

Security is always a hot topic. We have some great solutions that are always improving.

Passwordless using one-use tokens sent to the mailbox

We have had passwordless logins for many years. It is our most popular method of authentication into the Portal.

This is where we send a one-time use token to the user's mailbox. The user doesn't have to remember a password, and access remains as secure as the user's mailbox.

The concept of passwordless login came out around 2010 or maybe even earlier, and it has been adopted by many applications, such as Slack, Microsoft, Medium, Twitter and WhatsApp. It works by sending the user an SMS or email containing a short-lived token that is used for login.

For more detail on passwordless you can read Auth0 product page or Auth0 blog page.

For the DeskDirector passwordless feature, we have default settings for the token, listed below:

  • Token is numeric
  • Token lasts 10 minutes
  • Token length is 6 characters
  • Token is not removed on use; it stays valid until it expires
  • Maximum failed retries is 10 (the token is invalidated after 10 failed tries)

In general, the configuration we have now is secure: it is nearly impossible to guess a 6-digit numeric token in 10 tries (10 guesses against 1,000,000 possible values is a 1 in 100,000 chance).
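The following is an added example, not DeskDirector's own code, showing how the token policy above (numeric, 6 characters, 10-minute lifetime, invalidated after 10 failed tries, not removed on a successful use) can be implemented, along with the brute-force arithmetic behind the "nearly impossible" claim. It assumes an in-memory store keyed by the user's email address and a pluggable clock; a real service would persist tokens server-side and deliver them only to the mailbox. The `single_use` switch is an assumption added here to show the stricter alternative of consuming the token on first use.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

# Defaults mirroring the policy described on the page.
TOKEN_LENGTH = 6            # numeric characters
TOKEN_TTL_SECONDS = 10 * 60
MAX_FAILED_ATTEMPTS = 10


@dataclass
class IssuedToken:
    token: str
    expires_at: float
    failed_attempts: int = 0


class PasswordlessTokenStore:
    """Hypothetical in-memory store: one outstanding token per mailbox."""

    def __init__(self, length=TOKEN_LENGTH, ttl=TOKEN_TTL_SECONDS,
                 max_failed=MAX_FAILED_ATTEMPTS, single_use=False,
                 clock=time.time):
        self.length = length
        self.ttl = ttl
        self.max_failed = max_failed
        self.single_use = single_use   # page default: token stays valid until expiry
        self.clock = clock             # injectable so expiry can be tested offline
        self._tokens = {}              # email -> IssuedToken

    def issue(self, email: str) -> str:
        # secrets.randbelow is CSPRNG-backed; zero-pad so every token has
        # exactly `length` digits (a token may legitimately start with 0).
        token = str(secrets.randbelow(10 ** self.length)).zfill(self.length)
        self._tokens[email] = IssuedToken(token, self.clock() + self.ttl)
        return token   # in practice this goes to the mailbox, never to the caller

    def verify(self, email: str, candidate: str) -> bool:
        issued = self._tokens.get(email)
        if issued is None:
            return False
        if self.clock() >= issued.expires_at:
            del self._tokens[email]        # expired: discard regardless of input
            return False
        # Constant-time compare avoids leaking how many leading digits matched.
        if hmac.compare_digest(issued.token, candidate):
            if self.single_use:
                del self._tokens[email]
            return True
        issued.failed_attempts += 1
        if issued.failed_attempts >= self.max_failed:
            del self._tokens[email]        # invalidate after the 10th failure
        return False


def brute_force_success_probability(length=TOKEN_LENGTH,
                                    attempts=MAX_FAILED_ATTEMPTS) -> float:
    """Chance that `attempts` guesses hit one specific `length`-digit token."""
    return attempts / (10 ** length)


if __name__ == "__main__":
    store = PasswordlessTokenStore()
    tok = store.issue("user@example.com")   # constructed sample mailbox
    print("issued", tok, "valid:", store.verify("user@example.com", tok))
    print("brute-force odds per token:", brute_force_success_probability())
```

The retry counter is only decremented by nothing: a correct guess does not reset it, so a token that has absorbed nine wrong guesses still dies on the tenth, which keeps the attacker's total budget at the page's stated 10 tries.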

These passwordless features are currently configurable only by our consulting team, and only for Dynamic clients. We will be bringing self-service into the Admin Console in the near future for everybody.

Passwordless tokens can be activated on a company by company basis.

Single Sign on using Active Directory

If our Windows client is running in a Microsoft Active Directory domain, we can silently log the user in using their domain credentials. This is the most painless way to authenticate.

2FA and MFA

The reason we call this 2FA is similar to the reasoning behind OAuth: as long as your email provider offers 2FA, passwordless login is 2FA too. You need access to your email before you can log in, so the second factor is checked when the user accesses their email account.

DeskDirector has held off implementing an SMS variation while we see how the debate on SMS security as a 2FA option plays out. There are ways to compromise an SMS token and we are reviewing regularly.

On a purely practical data level, we find that almost every contact has an email address but many don't have a mobile number. Cell numbers are also entered in many variations and formats.

Office 365 login

This is the solution of the future for customers that need more. If you want industrial-strength Multi-Factor Authentication and/or conditional (i.e. time- or place-based) authentication, Office 365 auth is for you. Office 365 accounts are Azure AD accounts, and Azure AD delivers all these capabilities exceptionally well. There's a whole universe of security options available.

The best security implementation is clean and simple. With Office 365 we get Microsoft's Azure AD to do all the hard security work. The user tries to log in to us. We send them to Microsoft to get an authentication workout. Microsoft reports success or failure. This is the future for all authentication.
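The "send them to Microsoft, Microsoft reports success or failure" round trip is an OpenID Connect authorization-code flow. The Python below is an added example, not DeskDirector's code, of the relying-party side: building the redirect to Azure AD's v2.0 authorize endpoint, tying the callback back to the request that started it with a single-use `state`, surfacing an error returned by Microsoft, and checking the decoded ID-token claims against the expected tenant, client and `nonce`. `TENANT_ID`, `CLIENT_ID` and `REDIRECT_URI` are placeholders; the `OidcLoginBroker` class and `query_params` helper are names chosen here. Verifying the ID token's signature against the tenant's JWKS needs a network fetch and is assumed to have happened before `validate_id_token_claims` is called.

```python
import hmac
import secrets
import time
import urllib.parse

# Placeholders: a real deployment uses its own tenant id and app registration.
TENANT_ID = "YOUR-TENANT-ID"
CLIENT_ID = "YOUR-CLIENT-ID"
REDIRECT_URI = "https://portal.example.com/auth/callback"   # constructed
AUTHORIZE_ENDPOINT = f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/authorize"
EXPECTED_ISSUER = f"https://login.microsoftonline.com/{TENANT_ID}/v2.0"


def query_params(url: str) -> dict:
    """First value of each query-string parameter in `url`."""
    parsed = urllib.parse.parse_qs(urllib.parse.urlparse(url).query)
    return {k: v[0] for k, v in parsed.items()}


class OidcLoginBroker:
    """Tracks outstanding login attempts so a callback can be matched to the
    request that started it (state) and an ID token to that request (nonce)."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self._pending = {}   # state -> (nonce, started_at)

    def start_login(self) -> str:
        """Return the URL we redirect the user to at Microsoft."""
        state = secrets.token_urlsafe(32)
        nonce = secrets.token_urlsafe(32)
        self._pending[state] = (nonce, self.clock())
        params = {
            "client_id": CLIENT_ID,
            "response_type": "code",
            "redirect_uri": REDIRECT_URI,
            "response_mode": "query",
            "scope": "openid profile email",
            "state": state,
            "nonce": nonce,
        }
        return AUTHORIZE_ENDPOINT + "?" + urllib.parse.urlencode(params)

    def handle_callback(self, callback_url: str, max_age=600):
        """Validate the redirect back from Microsoft; return (code, nonce)."""
        query = query_params(callback_url)
        pending = self._pending.pop(query.get("state"), None)   # single use
        if pending is None:
            raise ValueError("unknown or reused state (possible CSRF/replay)")
        nonce, started = pending
        if self.clock() - started > max_age:
            raise ValueError("login attempt expired")
        if "error" in query:
            raise PermissionError(query["error"])   # Microsoft reported failure
        if not query.get("code"):
            raise ValueError("callback carried neither code nor error")
        return query["code"], nonce

    def validate_id_token_claims(self, claims: dict, expected_nonce: str) -> str:
        """Checks on the decoded ID-token payload (signature assumed verified)."""
        now = self.clock()
        if claims.get("iss") != EXPECTED_ISSUER:
            raise ValueError("issuer mismatch")
        if claims.get("aud") != CLIENT_ID:
            raise ValueError("token not issued for this client")
        if claims.get("tid") != TENANT_ID:
            raise ValueError("token from a different tenant")
        if not hmac.compare_digest(claims.get("nonce", ""), expected_nonce):
            raise ValueError("nonce mismatch (token replay)")
        if now >= claims.get("exp", 0) or now < claims.get("nbf", 0):
            raise ValueError("token outside its validity window")
        return claims["preferred_username"]


if __name__ == "__main__":
    broker = OidcLoginBroker()
    print("redirect user to:", broker.start_login())
```

Popping the state on first use is what makes a replayed or forged callback fail: the code in the callback is only ever exchanged for tokens when it arrives under a state this server issued and has not seen before.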
