NETGEAR FVS318N Modem User Manual


 
Two-Factor Authentication
401
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
What Is Two-Factor Authentication?
Two-factor authentication is a security solution that enhances and strengthens security by
implementing multiple factors of the authentication process that challenge and confirm the
users’ identities before they can gain access to the network. There are several factors that
are used to validate the users to make sure that you are who you say you are. These factors
are:
Something you know—for examp
le, your password or your PIN.
Something you ha
ve—for example, a token with generated passcode that is 6 to 8 digits
in length.
Something you are
—for example, biometrics such as fingerprints or retinal prints.
This appendix focuses on and discusses only the first two fa
ctors, something you know and
something you have. This security method can be viewed as a two-tiered authentication
approach because it typically relies on what you know and what you have. A common
example of two-factor authentication is a bank (ATM) card that has been issued by a bank
institute:
T
he PIN to access your account is something you know.
T
he ATM card is something you have.
You need to have both of these factors to gain access to your bank account. Similar to the
way A
TM cards work, access to the corporate networks and data can also be strengthened
using a combination of multiple factors such as a PIN and a token (hardware or software) to
validate the users and reduce the incidence of online identity theft.
NETGEAR Two-Factor Authentication Solutions
NETGEAR has implemented 2 two-factor authentication solutions from WiKID. WiKID is the
software-based token solution. So instead of using only Windows Active Directory or LDAP
as the authentication server, administrators now have the option to use WiKID to perform
two-factor authentication on NETGEAR SSL and VPN firewall products.
The WiKID solution is based on a request-response architecture where a one-time passcode
(OTP), which is time-synchronized with the authentication server, is generated and sent to
the user after the validity of a user credential has been confirmed by the server.
The request-response architecture is capable of self-service initialization by end users,
dramatically reducing implementation and maintenance costs.
Here is an example of how WiKID works:
To use WiKID (for end users):
1. L
aunch the WiKID token software, enter the PIN that has been provided (something the
user knows), and then click Continue to receive the OTP from the WiKID authentication
server: