ManageEngine announced that ADSelfService Plus, an integrated Active Directory (AD) self-service password management and single sign-on (SSO) solution, now supports multi-factor authentication (MFA) for VPNs to protect organizations’ internal networks from unauthorized access.
By adding an extra authentication step, ADSelfService Plus makes it extremely difficult for attackers who depend on password cracking or compromised credentials to gain access to the network resources.
Amid the COVID-19 outbreak, enterprise VPN solutions have become indispensable for organizations with employees who work from their homes yet need to access resources on their organizations’ internal networks to get their work done. As a result, VPNs have become the focus of hackers such as the one who reportedly published a list of plaintext usernames and passwords, along with IP addresses for more than 900 Pulse Secure VPN enterprise servers.
To prevent attackers from using compromised credentials to access VPN servers, the US Department of Homeland Security recommends implementing MFA on all VPN connections to increase security.
“VPN gateways are directly accessible through the internet and are prone to brute force and other types of attacks. Relying on credentials alone to protect VPN access to vital resources could result in immeasurable losses,” said Parthiban Paramasivam, director of product management, ADSelfService Plus.
“Implementing MFA for VPNs ensures that employees have a second layer of defense even if their credentials are compromised. ADSelfService Plus presents a MFA solution that is both secure and easy to use for employees.”
Securing VPNs with MFA via biometric authentication and security tokens
The 2020 State of Password and Authentication Security Behaviors Report found that biometric-based authentication was the top preference among users when it comes to authentication. ADSelfService Plus supports a wide range of secure and user-friendly authentication factors, including:
- Face ID
- Push notifications and TOTPs via the ADSelfService Plus mobile app
- YubiKey OTP
- Google Authenticator
- Microsoft Authenticator
Additionally, ADSelfService Plus seamlessly integrates with Active Directory (AD). Since many organizations already use AD credentials for VPN authentication, implementing MFA for employees requires only minimal configuration.
Apart from MFA, ADSelfService Plus also supports creating strong password policy rules that prevent dictionary words, palindromes and common patterns such as 1234, asdf and qwerty. Similarly, ADSelfService Plus integrates with Have I Been Pwned? to prevent users from setting their account passwords to previously compromised passwords.