Executive Summary:
- Passwords alone don’t always work well in the cloud
- Public Cloud two-factor authentication (2FA) solutions like Time-based One Time Passwords are inconvenient
- BrilliantRoot Private Cloud uses a better solution, with no impact on productivity.
Details:
Being able to use your IT services – whether held in a public cloud or in your own private cloud – from anywhere in the world can be enormously useful and beneficial. Unfortunately, it breaks our old, tried-and-mostly-kinda-true security model of passwords. Passwords used to work decently because there was almost always another invisible authentication factor at play: your physical presence in the workplace.
With anyone able to access IT services from anywhere in the world, it means that criminals can also attempt to access these services from anywhere in the worlds and passwords alone are no longer enough. Public Cloud companies have come up with a solution: Time-based One-Time Passwords (TOTP). These are generally a six digit code that is provided by an app on your smartphone, and that code usually changes every 30 seconds. This has improved security significantly, but it is far from perfect. Yes, there are several ways to beat TOTP (see our blog post here for a detailed explanation, written for laypersons).
Plus, it’s annoying to use: having to dig out your phone, open an app, get the password, and type it in. Yeah, it’s probably just half a minute. But most systems get logged into twice per day, and if you lose a minute each workday logging into each system that adds up to 250 minutes per year. Each. There are 480 minutes in a typical 8-hour workday, so that means that over a half day of your productivity is lost to an app. And that’s for each system you have to log into.
When we designed our template for Private Cloud systems at BrilliantRoot, we take advantage of the fact that we are already managing your computers and other devices to install a much more powerful and easy to use system. In fact, we use not just two authentication factors, but three. And what’s extra-cool is that they’re mostly invisible. They work silently in the background. You get more extra security, at no additional hassle. That’s one of the many advantages of BrilliantRoot’s relationship-based approach to service.
| Attack Method | Bad Password Management | Good Password Management | One-Time Passwords | BrilliantRoot Three-Factor Authentication | |
|---|---|---|---|---|---|
| Guessing or Brute-Forcing the Login | ✔︎ | ✔︎ | ✔︎ | ✔︎ | |
| MITM / Eavesdropping | |||||
| Eavesdropping Connection | ✔︎ | ✔︎ | ✔︎ | ✔︎ | |
| Fake Login Screen | ✖︎ | ✖︎ | ✔︎ | ✔︎ | |
| Intercept connection | ✖︎ | ✖︎ | ✖︎ | ✔︎ | |
| Social Engineering | ✖︎ | ✖︎ | ✖︎ | ✔︎ | |
| Steal the Password | |||||
| Written Down | ✖︎ | ✔︎ | ✔︎ | ✔︎ | |
| Attack Client Device | ✖︎ | ✖︎ | ✖︎ | ✔︎ | |
| Attack Server System | ✖︎ | ✔︎ | ✔︎/✖︎ | ✔︎ | |
| Attack the Other System | ✖︎ | ✔︎ | ✔︎ | ✔︎ | |
| User overconfidence | ✔︎ | ✔︎ | ✖︎ | ✔︎ | |
| No Extra Hassle To Use | ✔︎ | ✔︎ | ✖︎ | ✔︎ | |