Usernames and passwords have long been the preferred method of securing applications from unauthorized access. Two-factor authentication (TFA) expands on this method, and provides for exponentially stronger security.
For businesses using enterprise CRM, there are several options for implementing two-factor authentication.
What Is Two-Factor Authentication?
Two-factor authentication is a layered security approach that requires end users to provide information from two of the three authentication categories. Broadly defined, those categories are:
- Something the user knows: This can be a login ID, PIN, static password, or any other memorized information.
- Something the user has: This is something that the user has physical control of, such as a swipe card, cellular telephone, email account, or a token that generates a single-use password or PIN.
- Something the user is: Often referred to as “biometrics,” this category usually requires a thumbprint, retinal scan, voice verification, or other physical proof that the user is who they claim to be.
To successfully log in to a system, the user must present data from two of the categories. This greatly reduces that chances of a remote attacker being able to enter a system, even if they have managed to get ahold of a user ID and password. Without also having access to something the legitimate user physically controls, attempts to log in will be unsuccessful.
Practical Examples Of TFA
For enterprise CRM users, email and mobile authentication are the two most popular forms of TFA.
When a user attempts to log into their CRM account, they are prompted for their username and password combination. After entering the correct combination, the system automatically sends an email to an account associated with that user, and redirects them to a second login screen.
The email may contain a passphrase, link, or PIN that the user must enter into the login screen, within a limited amount of time, to gain access to the CRM system.
Like email authentication, the user logs into the CRM system as usual, and is directed to another verification screen. The system then pushes an SMS containing a PIN or passphrase to the user’s mobile device. The user has a limited time to enter that information into the verification screen to access the CRM system.
Some vendors also offer standalone mobile applications that automatically generate a verification token, without the need for SMS.
How It Helps
Prevents Unauthorized Access
Unscrupulous actors have developed a variety of methods for figuring out or capturing usernames and passwords remotely. By adding a physical component to the login process, businesses can effectively eliminate the risks of phishing scams, keyloggers, and the like.
For the sake of convenience, flexibility, and productivity, most companies allow their employees to access CRM from their own devices. Once an employee is out from behind your firewall, you really have no idea what protections they’re employing.
By implementing advanced authentication protocols, you can be assured that robust protections still exist between your CRM system and unauthorized users.
Depending on the type of business you run, governmental and industry standards may require you to use more secure login protocols. Enabling TFA is an easy, effective way to bring your login process into compliance with those agencies.
Enterprise CRM & User Authentication
Given the importance of CRM security, it’s no surprise that the leading enterprise vendors offer some options for two-factor authentication. Here’s a look at the three leading vendors, and some of the enhanced authentication options they provide:
Salesforce offers managers the option to require additional verification for individual users, groups of users, users signing in from an unknown device or network, and more.
Once enabled, users must download an authenticator app on their mobile device. When the user attempts to log in, the app will generate a single-use, time-based token that they must enter into the login screen.
Late last year, Microsoft announced that TFA would be available for most applications running on their Azure cloud infrastructure. It is also available for on-premise installations by downloading additional software.
Dynamics CRM 2013 is included in the list of applications that support stricter authentication, for an additional price. Azure offers options for verification through mobile applications, SMS, and automated voice calls.
SugarCRM does not have a native option for TFA. However, as an open-source product, there are several third-party applications that provide enhanced security options for SugarCRM users.
Two-Factor Authentication & Single Sign-On
With our recent post about using CRM with single sign-on, it seems prudent to mention that the two are not mutually exclusive. SSO provides a single entry portal for multiple business applications.
Two-factor authentication increases the security of entry portals, whether you use a single portal for all applications or separate portals for each application. As long as TFA is implemented for each portal, they will be more secure.