Comodo Two-Factor Authentication
Strengths: Easy to install with options to authenticate when cert is unavailable.
Weaknesses: Cookie-based, PKI cert is on the device and only protected by user credentials.
Verdict: At $4.50 per user, this is an attractive option for adding an additional layer of security to Outlook Web Access or other websites.
SummaryComodo Authentication Solutions prevent fraudulent account access risks through easy-to-use and easy-to-deploy PKI client authentication certificates. Comodo Two-Factor Authentication offers a flexible, configurable proxy-based solution for web pages, Outlook Web Access and SharePoint. Comodo validates users through passwords and X.509 PKI certificates. The multifactor provision is met through the use of username and password combined with the digital certificate, which are installed into the certificate store in the browser on users' devices.
The software installation was automated and provided a post-load configuration wizard. The only system requirements for the load was Java Runtime Environment (JRE) support. We were up and running within minutes.
The provisioning of an X.509 client certificate onto the end-user's machine was handled through a simple standard logon procedure. This certificate was installed into the certificate store of our Internet Explorer browser. Digital certificates are easy to deploy and install on client devices. That certificate will be requested and verified every time we log into the proxy server and will authenticate us to the application we chose to access.
Since this used a proxy-based authentication solution, it can be deployed very quickly. No modifications are required to the applications that this solution would front end, and the automated issuance and management of the digital certificates was simple to use.
There was a provision for using a USB device to store the digital certificate. This would add extra security. The base configuration that most people would use, however, relies on storing that certificate in the browser's certificate store on the device itself. Although this adds the protection at the remote end, the cert would be available to anyone that could compromise the device where it is is stored.
Comodo Two-Factor Authentication is an easy-to-use solution that will not require a lot of IT resources to deploy or support. It provides an added level of security as long as you understand the risk.