Two-factor Authentication (2FA)
The password alone is not enough to identify a user in the twenty-first century. LogonBox products have extensive support for many types of authentication to ensure that your user’s identities are confirmed using a mechanism in line with your security policies.
Supported 2FA Factors
 |  |  |  |  |  |
Duo Security | SAML Authentication | RSA SecureID | Yubikey Security | Microsoft Authenticator | Google Authenticator |
 |  |  |  |  |  |
Radius Authentication | SMS Authentication | WebAuthn Authentication | Email Authentication | Secure Q&A |
How does each 2FA option stack up?
LogonBox product’s support many authentication types. Here we provide not only the list of supported authentication factors, but provide our opinion on the security, administration and ease of use of each type of authentication.
Yubico
USB Hardware Device
USB security keys that provide passwordless strong authentication for two-factor and multi-factor authentication.
“A very strong second-factor with good compatibility; requires up-front investment and distribution of hardware keys to end-users.”
WebAuthn
Browser + USB Device
WebAuthn is a web standard and protocol that enables strong authentication of web applications through the use of public-key cryptography on hardware tokens.
“Another very strong second-factor; up-front investment and distribution of hardware required with slightly more complex configuration for the user when compared to direct Yubikey support.”
LogonBox Authenticator
Mobile Application
LogonBox’s own 2FA solution that provides a secure log in option using modern public-key cryptography and a unique swipe me in action.
“Included as part of any LogonBox product; Flexible configuration with an option to require biometric response.”
Q&A
User Secret
Setup user authentication by requesting an answer from a set of pre-defined questions that they have previously provided answers to.
“A tried and tested solution but not the most secure method available and subject to the usual problems associated with user secrets and passwords.”
Email OTP
Trusted Message
Email the user a random one-time password to their primary or secondary email account.
“A good compromise between administration and security. Not a suitable solution if the users email account is protected by their Active Directory password.”
SMS OTP
Trusted Message
Send an SMS message to the user’s mobile phone containing a random one-time password.
“A great way of delivering one-time passwords but can be subject to mobile network issues.”
Duo
Mobile Application
If you have already invested in an existing 2FA solution like Duo, you can uiltise this in any of our authentication flows.
“A great solution for when you have already invested time and effort to deploy with other services.”
Google Authenticator
Mobile Application
The Google Authenticator mobile app uses the TOTP protocol to generate time-based one-time passwords.
“Requires no network communication during authentication, just read the current password and enter at the prompt.”
Microsoft Authenticator
Mobile Application
The Microsoft Authenticator mobile app uses the TOTP protocol to generate time-based one-time passwords.
“Another great TOTP solution compatible with Google Authenticator.”
PIN
User Secret
A small numeric password of fixed length that the user would present. This would not be typically used on its own, but in-front of another authentication factor.
“In the end a PIN is just a numeric password. Easy for users but don’t use without an additional factor.”
reCaptcha
Mobile Application
Google’s “are you human” authenticator which presents a “I’m not a Robot” and other prompts to ensure users are real users and not bots.
“Not really an authentication factor, but certainly helps to ensure bots and scripts are not trying to brute force your server.”
RADIUS
External Authentication
Authenticate against any server supporting the RADIUS protocol. This legacy protocol lives on and still has some relevance when used correctly.
“When used to support real hardware tokens like RSA SecurID it’s a very secure factor.”
Our Brands
LogonBox is a part of the Jadaptive Group of companies, which includes:
