Five Facts You Should Know About SSO

1. What is it?

If you have ever opted to “Log in with Facebook” or “Log in with Google” to access an account that is neither of those two, then you have used SSO! Single Sign-On, otherwise known as SSO, is an authentication service that allows you to access multiple different accounts while only having to log into one. Logging in with another account adds great ease, as you don’t have to create or remember credentials for yet another website. That is the beauty of SSO: it combats password fatigue. When an SSO application is implemented, you have the option of logging onto a portal in which you see icons for Gmail, Facebook, LinkedIn, etc. All you have to do is click one of those and you’ll automatically log in without reentering information, since you have already logged into the portal.

2. The History Behind SSO 

Forbes reports that SSO was born in the late 1980s as an IAM (Identity and Access Management) system, with the goal of helping to consolidate login credentials for businesses and government agencies. As the world began to digitize, so began the habit of keeping passwords on post-it notes, forgetting and creating weak passwords, and cyberattacks. SSO sought to solve these issues by creating a better way to keep your information secure, not only within but also across internet applications.

3. Benefits of SSO 

Single Sign-On has many benefits for both businesses and end users. SSO exponentially increases user convenience, transparency, speed, and security while also being shown to lower IT overhead costs. Only having to remember and input one set of credentials helps you get into accounts faster and with more ease. Transparency is also ensured when using a delegated SSO system: much like when you download an app on your phone and give it permission to access data across platforms, you can easily opt out of sharing. Single Sign-On also increases security by enabling complex authentication policies, randomizing passwords, and enabling re-authentication as needed. Further, implementing SSO has tremendous organizational security benefits, especially in revoking account access and deleting employee accounts after their termination. If you remember, this is the exact vulnerability that led to Colonial Pipeline being compromised earlier this year.

4. The Myth that SSO Can Make You Vulnerable 

The argument that SSO may lead to more vulnerability is outdated and can be easily counteracted by proper use and implementation. The fear stems from the worry that if someone got hold of your credentials they would be able to unlock your entire digital persona, putting all of your applications at risk. But there is a simple fix for this: enabling Multi-Factor Authentication in order to add a layer of security that cannot be hacked or compromised (like a fingerprint or token). By combining Single Sign-On with Two-Step or Multi-Factor Authentication you have not only maximized convenience and efficiency, but also stopped 99.9% of threats to your accounts.

5. You Can Implement SSO With Digital Persona Premium 

Digital Persona is software that provides secure access and authentication to users. It is a tool for Multi-Factor Authentication and is widely used and trusted by businesses and government agencies alike. With Digital Persona Premium, you can implement Single Sign-On and reap numerous benefits, ranging from added security to added efficiency. This browser-based SSO Portal gives easy access to SAML-enabled apps. The Password Manager provides Single Sign-On and enforces strong authentication without modifying underlying applications. This feature can also securely store, update, and auto-fill passwords. For more information on Digital Persona Premium and implementing Single Sign-On, check out our website at https://www.txsystems.com/digital-persona

Multi-Factor Authentication

What is it and why is it important?

The average American has 150 online accounts. These accounts all have one thing in common: they require the owner of the account to have a username and password. The process of entering these credentials is called authentication: proving you are who you say you are. Unfortunately, this alone is not secure enough, especially when it comes to things like online banking or your business. Usernames can be easily found by hackers; oftentimes it can be as simple as knowing their target’s email address. And let’s be honest: passwords are hard to remember, which often leads to people creating very simple ones and using them across multiple different sites. In fact, in 2016 it was found that 73% of passwords used are duplicates. This is very dangerous and leaves you vulnerable to cyberthreats that are easily preventable.

The solution? Multi-Factor Authentication, or MFA technology. By using a secondary form of authentication, what we call a second “factor”, you can prevent 99.9% of threats to your business. A secondary factor comes in many different forms. It can be:

  • Something you have (e.g. a physical device, card, or token)
  • Something you know (e.g. a password or a PIN)
  • Something you are (e.g. a biometric such as fingerprint or face scan)
  • Something you do (e.g. behavioral metrics)

It is important to note the need to combine two different factors. Two passwords, or a password and a PIN, will not be the optimal solution: if a hacker can compromise one password they can compromise a second just as easily. However, when you combine two differentiated factors (like a password and your fingerprint) the chances of getting breached go down to almost none. Someone can easily steal your password, but it is far more difficult to reproduce someone’s fingerprint!


Tx Systems specializes in providing you and your business with MFA solutions that are easy to implement and incredibly secure. Safeguarding your employees and your business from cyberthreats is of great importance as hacking attempts become more advanced and prevalent. Multi-Factor Authentication ensures a peace of mind that is second to none. Allow our team of experts to find the solution that fits your needs and safeguard your business today. Check out our website for a full picture of all the MFA solutions we offer at https://www.txsystems.com/multi-factor-authentication.

How to Prevent the Next Colonial Pipeline Attack:

Using MFA as a Defensive Weapon

The Colonial Pipeline attack on May 7, 2021, was a devastating display of weak cybersecurity, illuminating a pressing need for Multi-Factor Authentication. Multi-Factor Authentication is one of Tx Systems’ specialties, and implementing one of the many MFA solutions could have saved Colonial Pipeline from the crippling ransomware attack they suffered. MFA solutions combine login credentials with a secondary factor, such as a biometric scan, or other physical access device like a smart card, reader, or token. In the case of the Colonial Pipeline attack, the lack of MFA is entirely to blame for the ransom and the chaos that stemmed from it.

Hackers gained access to Colonial Pipeline’s network on April 29, 2021. They were able to do this by obtaining a compromised username and password. The password was used to access the network’s servers remotely, through FireEye, but the account was not guarded by the extra layer of MFA security. Past the point of obtaining the credentials, hackers faced no further barriers to entry. It has since been discovered that the password was part of a batch of leaked credentials found on the Dark Web. This means it was likely the Colonial Pipeline employee had used that same password for another account that was compromised. This is unsurprising, as 73% of passwords used online are duplicates.

A little over a week later, on May 7th, it was discovered that hackers had infiltrated the system and placed ransomware within the network. The company was made aware of the breach when an employee discovered a ransom note, demanding $4.4 million worth of cryptocurrency, on a system in the IT network. The pipeline immediately began shutdown protocols, and an hour later the largest distributor of gasoline for the Southeast and East Coast had ground to a halt. The 5,500 miles of pipeline were shut off for nearly a week, causing a ripple effect of gasoline shortages and panic buying among consumers.

Colonial Pipeline gave in to the hackers’ demands and paid a $4.4 million ransom. Luckily, the FBI was able to recover $2.3 million of the paid ransom, but Colonial Pipeline still needlessly took a massive financial hit, both via the ransom and halted operations.

This is not an isolated incident: meatpacking giant JBS was hit by a similar attack on May 31st, and paid an $11 million ransom. There are also reports of the New York Subway and Massachusetts ferryboat operations being targeted.

In fact, the Wall Street Journal has reported that ransomware attacks have tripled in the past year, according to FBI and private sector reports. These attacks do not need to devastate your or anyone’s business. Multi-Factor Authentication has been shown to stop 99.9% of threats to companies large and small. The Colonial Pipeline, JBS, and countless other ransomware attacks could have been easily prevented if they had implemented stronger security measures via Multi-Factor Authentication. 

At Tx Systems, Multi-Factor Authentication is something we specialize in. Our team of experts is dedicated to making sure nothing like this ever happens to your large or small business. Ransomware attacks are devastating and, as we have seen, they are increasing at an almost insurmountable rate. Implementing MFA is the only way to ensure protection from attacks and give you the peace of mind that your data is safe.

For more information on the MFA solutions we offer, check out our website at https://www.txsystems.com/multi-factor-authentication.

COVID-19 Solutions

Let’s be honest, last year was hard. Really hard. But with strife comes innovation! Let us help you find technology solutions to make everyone safe post-pandemic. Tx Systems Inc. is happy to announce we have a wide range of solutions in the wake of COVID-19, that can improve lives via touchless environments. See how our technology solutions can improve the health and safety of the people in your organization.

https://www.txsystems.com/covid19-solutions


BIOMETRIC READERS: Multi-factor Solutions for Enterprise Environments

As the demand for multi-factor authentication solutions increases in enterprise environments, more companies seek programs that incorporate biometrics as one of the security components. Tx Systems, Inc., one of the leading distributors for both multi-factor authentication solutions and desktop biometric readers, has a deep understanding of how these two technologies interplay with one another. Here are a few of the emerging brands:

HID Lumidigm

The Lumidigm brand is one of the most powerful biometric readers on the market. With the ability to capture subdermal images and monitor blood flow through the fingerprint image, the Lumidigm brand ensures the most reliable live capture image possible.

SecuGen

SecuGen is one of the most trusted and cost-effective biometric reader brands available today. The DoD, DHS, NASA, as well as many other federal agencies have discovered that the SecuGen reader is a great option for capturing fingerprint images for a wide range of security applications. SecuGen is also a great option for integration projects, where a biometric sensor is required as a hardware component of another application. Examples include door access readers or a vending machine.

Identos Tactivo

The Identos Tactivo reader for iPhone and iPad still leads the mobile smart card reader industry used by the Federal Government today. However, the average government employee is not using the built-in Tactivo fingerprint sensor for these units. Did you know you can program the Tactivo to use fingerprint as a second factor authentication method for enterprise security logon?

 

For more information on how to purchase any of these biometric readers or work with one of their SDKs, please contact us.

Emerging Bluetooth Authentication Technology

As the world becomes increasingly connected through our mobile devices and the Internet of Things, cyber security is increasingly a top concern for organizations. Bluetooth® Low Energy (BLE) is one of the most popular wireless technologies being leveraged for many applications, including security. One of the newest Bluetooth® authentication products is from HID Global, the industry leader in physical and cyber security. The HID ActivID BlueTrust Token is a Bluetooth®-enabled one-time password (OTP) token that delivers secure One Click authentication automatically to the computer or mobile device via BLE. Use cases include secure login to workstations and laptops, web-based cloud applications or VPN gateways. HID has been at the forefront of mobile technology, with all their new door readers coming Bluetooth ready for their SEOS Mobile Access credentials.

 

Companies like HID Global and Advanced Card Systems (ACS) have released Bluetooth®-enabled smart card readers like the ACS ACR3901U-S1 and ACR1255U-J1 NFC Secure Bluetooth® Contact and NFC Smart Card Readers that combine the latest smart card reader technology with Bluetooth® Smart connectivity. HID’s ActivID BlueTrust Token is designed to facilitate on-the-go smart card and NFC applications. It combines the latest 13.56 MHz contactless technology with Bluetooth® Smart connectivity. This compact and wireless smart card reader brings together sophisticated technology to meet requirements of various smart card-based applications. It is intended for use with most Bluetooth®-enabled devices on the market, such as smart phones and tablets.

On the Cutting Edge Of RFID Reader Technology: Elatec & RFIDeas

Elatec and RFIDeas, two of the leading RFID reader manufacturers in the world, have been making some serious noise lately with their latest and greatest readers:


Elatec has taken an interesting yet effective approach to external printer readers with its new 360 degree TWN4 USB Front reader.

Special features:

This reader integrates RFID (125 kHz, 134.2 kHz, and 13.56 MHz), NFC, and Bluetooth Low Energy capabilities into a single, powerful reader and can be easily connected via USB.

  • Multi-frequency reader / writer for 125 kHz, 134.2 kHz, and 13.56 MHz tags and/or labels.
  • Supports all major transponders and ISO standards like ISO14443A/B (T=CL), ISO15693, ISO18092 / ECMA-340 (NFC).
  • Can be used for direct connection to printer.
  • Perfect reader for various other applications as well, such as alternative print solutions, healthcare applications, and single sign-on.

 


RFIDeas has recently released their pcProx Plus BLE reader with Bluetooth low energy technology.

  • This reader allows users to leverage either their proximity or contactless employee ID badges, or any 125 kHz or 13.56 MHz tags or labels, for secure authentication and identification throughout the workplace.
  • Card reader and Bluetooth low energy all in one.
  • pcProx BLE can be configured to utilize Bluetooth low energy beaconing to serve a wide variety of applications such as in-building location, secure authentication, and even item tracking.

pcProx Plus SP

Another recent cutting edge reader from RFIDeas is the pcProx Plus SP, used for embedded, integrated, and desktop or external mount applications.

  • SIM expansion capability.
  • The small, thin form factor enables various embedded and integrated applications or OEM installations in recessed compartments, as well as external mounting configurations.
  • The pcProx Plus SP is also compatible with a variety of purpose-built devices such as time clocks, kiosks, or protective enclosures.
  • This reader allows users to leverage either their proximity or contactless employee ID badges, or any 125 kHz or 13.56 MHz tags or labels, for secure authentication and identification throughout the workplace.

 

For more information on these readers and Tx Systems, please fill out this form below and we will be happy to further discuss.

-Christopher Jachetti

 

 

Identos Releases the Tactivo for iPhone 7/8

As of January 1st, 2018, Identos GmbH has acquired and taken over all production and management operations of the Tactivo Mobile Smart Card Solutions line previously owned and operated by Precise Biometrics. The first Tactivo model released under the Identos name is the Tactivo Mobile Smart Card Reader for iPhone 7 & 8. Its sleek design and snug fit make it the perfect Smart Card Reader Case for anyone looking for a high level of security with the convenience of a mobile smart card reader.

Tactivo readers can be used for a wide range of applications found in many industries such as healthcare, government, military, and enterprise business. The reader uses multi-factor authentication by combining smartcard verification and a PIN code in order to provide secure access to resources from a mobile device. It gives the user the peace of mind of knowing they can access all of their smartcard-required mobile resources, with the convenient use of their mobile device.

The new model, being nearly identical to the Tactivo for iPhone 6/6s, will allow for a seamless upgrade to the new iPhone 7/8 version. As of today, tens of thousands of Tactivo Smart Card Reader Cases have been purchased by US Federal Government agencies, including military and civilian, accessing OWA emails, NKO, AKO, AF portals and SharePoint sites, as well as by countless other non-government entities. With the use of these mobile reader cases, Identos is enabling the DoD to accomplish mission critical tasks that increase workforce mobility, without sacrificing security.

If you are interested in the Tactivo for iPhone 7/8 and would like further information, please fill out the contact form below.

Thank you!

NIST 800-171: 12/31 Deadline to Comply

The National Institute of Standards and Technology (NIST) released Special Publication 800-171 pertaining to all DoD and Federal contractors with access to Controlled Unclassified Information (CUI). The publication encompasses the protection of sensitive federal information and CUI in nonfederal information systems and organizations. The Defense Federal Acquisition Regulation Supplement (DFARS) set the deadline for NIST 800-171 compliance as December 31st, 2017.

Tx Systems provides Identity, Authentication and Access Control solutions that are sufficient for NIST SP 800-171 to the highest level of Federal Government standards.

3.5.1 Identify information system users, processes acting on behalf of users, or devices.

3.5.2 Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems. 

3.5.3 Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts.


In order to satisfy the multi-factor authentication and logical access requirements, organizations can implement HID’s ActivID CMS for Windows Logon, Email Encryption and Digital Signing of Documents. Millions of DoD and Federal employees use ActivID CMS, which satisfies a multitude of the basic and derived security requirements.

For Access Control and physical protection of assets, Tx Systems can specify and provide physical access control systems from Hirsch Electronics, the DoD’s gold standard of access control. In addition, Tx Systems carries complete physical access systems from HID Global such as Visitor and Contractor Management by Quantum Secure. By implementing these solutions, you can rest assured that your organization complies with the following 3 main portions of NIST SP 800-171:

  1. Physical and Logical Access Control
  2. Identification and Authentication
  3. System and Communication Protection

More information regarding the specific requirements for the different information types can be found in the NIST publication. Tx Systems offers a variety of security solutions that can help your company meet those requirements. Contact us through txsystems.com or send us an email at sales@txsystems.com to learn more.

HID Global Releases Next Generation Mobile Authentication

HID Global has announced the release of their latest security solution for Identity and Access Management called HID Approve. As a Value Add Distributor for HID Global, Tx Systems is currently supporting the HID Approve solution in all stages from pre-sales support and qualification to final deployment and ongoing maintenance/support.

HID Approve

HID Approve is a next generation mobile two-factor authentication solution that leverages Push Notifications on all mobile platforms to either Approve or Deny login requests from any number of authentication portals. Whether you are a banking institution wanting to increase the login security of your customers, or an enterprise looking to secure network authentication from both inside and outside of the firewall, HID Approve is a fantastic choice to increase identity assurance with a sleek user experience and a frictionless deployment process.

How it works:

HID Approve is powered by the HID Authentication Server, which can be deployed as either a hardware or virtual appliance. When the Authentication Server is in place, users simply download the HID Approve app on either Android or iOS and register the app using their user credentials, which will link them to the organization’s authentication server. The registration process is made simpler by allowing the user to scan a QR code on the organization’s login screen to connect their device to their existing account. With just a few simple steps, a user can be enrolled into the system and start using the HID Approve solution for added logon security.

This solution is also extremely customizable in its aesthetic capabilities. Made with corporate branding in mind, HID Approve allows companies to change the look of the app to include corporate colors and company logos within the app to make it look like an in-house solution. For more information on how HID Approve can increase your authentication security and company profile, please contact us.

-Eric Gregg, Director of Sales