Mission Control Strong Authentication

            The Strong Authentication service reduces the risks associated with ordinary password authentication and provides a more secure way of logging in to the network by using a second authentication factor, such as one-time passwords or SMS authentication.


            OTP Token Authentication

            Tokens produce a constantly alternating 6-digit number that provides an additional authentication factor. It serves as a one-time password and, therefore, prevents various attacks on the user's credentials including keyboard logging at internet cafés or any eavesdropping and password thefts. Users are relieved from difficult password handling. Periodic password renewal enforcements can be simplified with increased protection.

             

            Hardware token in the form of a keyring that shows an alternating 6-digit number at the push of a button.
            Hardware token in the form of a keyring that shows an alternating 6-digit number at the push of a button.


            Software tokens are stored on a mobile device, such as a smartphone.
            Software tokens are stored on a mobile device, such as a smartphone.

            Certificate Authentication

            Client certificates can be used for device or user authentication. For user authentication, a user identifier is extracted from the user certificate during the login phase. This is convenient for users and automatically creates a strong binding between the user certificate and user login. Device authentication can enforce the use of company-managed computers for remote access.


            SMS Authentication

            For users with mobile phones this method of strong authentication is an alternative to hardware tokens. After the correct password is entered, an SMS with a one-time password (OTP) is sent to the mobile number of the user (that number is registered in advance in the Mission Control Portal). The user completes the authentication by entering this OTP in the newly presented field of the login page. This process proves that the user is in possession of a mobile device with a SIM card that corresponds to the registered mobile number, and is thus a form of two-factor authentication, i.e. the user knows a password and has a unique device.