Multi-Factor Authentication

If you are looking for an on-premises, enterprise grade 2-factor authentication (2FA) or multi-factor authentication (MFA) product that can secure all commonly used business applications and resources, and also provides a wide range of authentication methods, then you are in the right place.

Deepnet DualShield is a multi-factor authentication system that unifies a variety of authentication methods, protocols, solutions and user experience in a single platform. In addition to the MFA functions, DualShield also provides self-service Password Reset, Single Sign-On (SSO), Identity & Access Management (IAM) and Adaptive Authentication. It is one of the most powerful and flexible multi-factor authentication system in the world.

Deepnet DualShield can be installed on-premise or hosted in a private cloud, which means that you will have the total control of your own user authentication system, and that you will be able to keep your users’ identities and credentials in a safe place.

DualShield supports almost every type of multi-factor authenticaiton method that you have ever seen and wanted to use, covering all areas in knowledge-based (what you know), token & device based (what you have) and biometrics (what you are).

• OTP (One-Time Password) by SMS, email and voice call
• OOBA (Out of Band Authentication) by push notification, SMS and voice call
• OTP tokens, keyfobs and cards
• OTP apps, e.g. Deepnet MobileID, Google Authenticator etc
• Grid cards, proximity cards and smart cards
• USB keys (FIDO U2F)
• Keystroke Dynamics
• Biometrics, e.g. Fingerprint, Face & Voice recognition
• Device Fingerprint, Device ID, Device DNA.

DualShield can secure all commonly used enterprise and web/cloud applications with multi-factor authentication, covering VPN & RDP remote access, Windows, Mac and Linux OS Logon, Web & Cloud services as well as Outlook emails.

• VPN Login, e.g. Cisco ASA, Palo Alto SonicWall. WatchGuard, etc.
• Windows Login: AD domain login, RDP login
• MacOS Login
• Web Applications. e.g. Sharepoint, CRM, ERP, etc
• Cloud Service, e.g. Office 365, Google Apps, SalesForce, AWS, etc.
• Outlook Anywhere, Outlook Web Access, ActiveSync

DualShield supports several authentication protocols that have been used by different types of applications, including LDAP, RADIUS, SAML, FIDO and OATH.

• LDAP: commonly used to provide a directory service for storing user information and to verify user credentials, i.e. usernames and passwords.
• RADIUS: a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) services, commonly used by networking devices such as firewalls and VPN servers.
• SAML: an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. Commonly used by web & cloud applications to provide single sign-on (SSO).
• FIDO: a set of security specifications for strong authentication including multifactor authentication (MFA) and public key cryptography (PKI). Commonly used to replace password with device based authentication.
• OATH: a set of open authentication standards, e.g TOTP (Time-based One-Time Password) and HOTP (Event-based One-Time Password), which have become the de facto OTP standards supported by many multi-factor authentication products.

Multi-factor authentication requires users to provide multiple credentials in the login process. It is inevitably more complex and time consuming than password only authentication. Typically, users often need to access different types of remote resources, services and applications, from various types of devices. For instance, you may need to connect to your corporate network remotely via VPN from your laptop, and you might also need to access your business emails from your smart phones. Therefore, the user experience in the multi-factor authentication (MFA) process is very important. A successful MFA product must provide an excellent user experience in such way that users do not see multi-factor authentication being inconvenient to use, or even reducing their productivity.