The Codex of Business Writing Software for Real-World Solutions 2.pptx
What is Two Factor Authentication
1. Concept Note – ArrayShield IDAS 2FA
Concept Note – IDAS Two Factor Authentication
What is Two Factor Authentication?
Two Factor Authentication implies the use of two independent means of evidence
to assert an entity – “Something the user has”, “Something user knows”.
ArrayShield IDAS Two Factor Authentication Solution
ArrayShield IDAS system provides a unique ArrayCard (Something user has) to
each user and allows the user to select their pattern (something user only knows).
Using these two factors of Authentication, user derives a dynamic password that
changes for each transaction.
Why Two Factor Authentication?
Many organizations protect their infrastructure with a simple username and password. Entering
this information grants access to organization’s sensitive data that is present in servers,
databases, applications, email accounts, and other places. But it is widely acknowledged by
Information Security Experts that passwords are notoriously insecure. Many users choose weak
passwords which can be easily guessed or cracked. When password policies are enforced, users
end up noting down their passwords on Post-It notes, mobiles, email or on their laptops which
is serious security vulnerability. Phishing attacks trick users into revealing their passwords.
Malicious viruses and spyware can capture passwords and send them over the network to
attackers.
All the above scenarios make it very difficult for organizations to protect their sensitive data
from the hands of hackers and competitors. Organizations of all sizes from Fortune500 to SME,
government have witnessed multiple hacking attacks recently that were caused by gaining
knowledge of user’s password. The cause for concern is only magnified as the cost associated
with a data breach has reached an estimate of $ 6.6 million.
ArrayShield | info@arrayshield.com Page 1
2. Concept Note – ArrayShield IDAS 2FA
Clearly passwords are not sufficient for protecting organization’s data:
• Easy passwords can be cracked
• Random passwords can’t be remembered
• Same passwords are used at multiple places
• Passwords that needs to be continuously changed are not user-friendly
Additionally, government regulations such as Sarbanes-Oxley, PCI Data Security Standard, US
Data Breach Notification Laws and others have been put in place to protect access to corporate
networks. Failure to meet requirements that call for the implementation of two-factor
authentication could result in regulatory fines and irreversible damage to a brand’s reputation.
Security experts worldwide suggest the usage of a strong, two-factor authentication to protect
organizations assets. The same is also recommended by various compliances/certifications like
PCI-DSS, HIPAA, SAS 70, ISO 27001 and others.
How ArrayShield IDAS works?
ArrayShield innovative two factor authentication system – IDAS provides a simple secure access
to enterprise applications. By using its innovative pattern based authentication it provides One-
Time-Secret-Code for every login transaction without using any smart hardware. In IDAS every
user is shown with a matrix on the login screen which is populated with random characters for
every transaction. User has to choose a pattern which is a sequence of cells in the matrix and
should register the same with the system prior accessing the ArrayShield IDAS Two-Factor
solution. A translucent card is provided to each user which has a similar structured matrix with
transparent and opaque cells and some random characters imprinted on the opaque cells. Each
card is unique in terms of the position of the opaque cells and the characters imprinted on
them.
At the time of accessing the application, user is shown with the randomly populated matrix as a
challenge. The user overlaps the translucent card on the shown matrix and will key in the
characters present in the chosen pattern in the same order. These characters form the One-
Time-Secret-Code for the user for that transaction. The ArrayShield IDAS server verifies the user
credentials by comparing user’s registered pattern and the pattern values entered by the user.
Access is given to the user if the user credentials are valid.
Conclusion
By using ArrayShield IDAS Two-Factor authentication solution, organizations can enable secure
access to their enterprise Applications. The solution will make organizations of all sizes and
complexities protect from the malicious attacks happening on the enterprise applications.
ArrayShield | info@arrayshield.com Page 2