What Features Are Included in WorkforceID DCM that Will Save Me Time and Money?

The 2022 Credentials and Credential Management BIG DEAL!

A reliable, easy-to-adopt and comprehensive credential solution is in this article.

With the HID Crescendo Type-C Security Key, you can log in to your Windows-based tablet at work without relying on passwords.

Are you tired of keeping track of the smartphones, tablets and workstations used at your company’s offices, and need a solution that supports not only Active Directory but macOS-based workstations?

So, whether you are in the business world in sectors such as infrastructure, healthcare or finance or are in state and local governments, WorkforceID Digital Credential Management has you covered.

Do you want an all-in-one software suite that actually allows for users to manage their own devices to take more of the workload off your plate?

Well, HID WorkforceID Digital Credential Management is the next step for your business to manage all of the credentials that your employees have and use on a daily basis. With the many devices that we all use day-to-day, you need a solution that is both reliable and easy to use for your users. That is where Digital Credential Management comes in.

With WorkforceID Digital Credential Management, you can support your hybrid workforce by allowing your employees to log in remotely while managing their credentials online in one integrated platform.

With a cloud-based foundation and a subscription-based model, you will not have to think about any sort of troubleshooting.

There are many more features that you can find out about down below!

But, before we start talking about the features, let us speak about who HID Global and Tx Systems are.

REACH OUT today about the WorkforceID Digital Credential Management offer by calling us at 858-622-2004 or emailing sales@txsystems.com.

Who is HID Global?

This Irvine, California-based cybersecurity company, founded in 1991 as Hughes Identification Devices, has technology solutions used in more than 100 countries and on over 2 billion trackable objects. It is a 650-employee subsidiary of ASSA ABLOY AB, which has over $3.2 billion of revenue in the locking solutions sector.

It is a trusted leader in the delivery of secure identity and logical access cards (iCLASS, SEOS) and hardware (OMNIKEY product line). These are reliable solutions that provide businesses with the protection that they need to lock down their physical and digital assets, so they can continue to provide their customers with exceptional service.

HID Global is a leader in cybersecurity solutions from physical access control to logical access, so your business and its needs are covered.

Who is Tx Systems?

Tx Systems knows a thing or two about credential management and identity solutions, as we have been in the business since 1997 and have worked with some of the largest players (Fortune 500) in multiple verticals. We are the ideal reseller of major smart card types conforming to ISO 7816 (Smart Card Industry Standard) and of smart card readers from trusted and respected manufacturers such as HID, of which we are an official Platinum Partner. We also offer many MFA (multi-factor authentication) solutions from HID, such as WorkforceID Digital Credential Management and DigitalPersona, which we support with one-on-one technical support, so you will not be left in the dark.

With Tx Systems, you can rest assured that your data is secure for your business and its unique needs.

Tx Systems is a trusted reseller of smart cards and their readers. We are an HID Platinum Partner.

Features:

  • Provides Secure Access: to your business’ VPN (Virtual Private Network), cloud and web applications such as productivity software and Windows-based shared workstations through Azure Active Directory (AD) and physical access control to your office building
    • SUPPORTS BOTH PHYSICAL AND LOGICAL ACCESS to save money from needing to invest in multiple solutions for both applications
The HID Crescendo 2300 Smart Card can be used as both a physical access card and a logical access card, meaning that you save money by not needing two different formats of cards.
  • FLEXIBLE use cases for WorkforceID such as secure printing, email and file encryption and digital document signature to ensure further security for the entire organization
  • Compliant with Major Industry Standards/Regulations: NIST, FIPS, GDPR (General Data Protection Regulation), CCPA (California Consumer Privacy Act), HIPAA (Health Insurance Portability and Accountability Act), PSD2, PCI-DSS, GLBA, SOX, SP800-171 (Controlled Unclassified Information), CJIS, NY DFS 23, NYCRR, IRS pub 1075 (IS Guidelines for Federal, State and Local Governments) and NERC-CIP
  • Strong Security and User-Friendly: PKI (Public Key Infrastructure) certificate management on Crescendo 2300 Smart Cards, Crescendo 144K FIPS or other offered third-party solutions which allows for both PKI (Public Key Infrastructure) and OTP (One-time Password) credential management to be much more streamlined
  • PIV-compatible: Integrates with Windows Active Directory (AD) and Azure Active Directory (AD) on Windows 10 and 11 (64-bit edition) workstations but also works well with macOS 10.15 (Catalina) and 10.16 (Big Sur) workstations for a wide support of major operating systems to be easily deployed in your office
The HID Crescendo 2300 Smart Card works readily with Windows 10 along with macOS, meaning that it supports the major operating systems used in offices today.
  • An Understandable Web Portal for Employees: Employees have the ability to reset PINs and manage their work devices such as security keys, OTP (One-Time Password) tokens and more while adding additional credential hardware devices when needed
    • Report lost devices and easily issue new devices to replace the old device
    • Credentials are managed for the entire time that the employee is employed and can be deleted once they leave
  • Ease of Deployment and Maintenance: All-in-one cloud-based web portal that creates, manages and uses credentials for both hardware and software saving maintenance time as you have the latest updates and patches
  • Saves Money: Supplemental material and software licenses are not costly given the cloud-based subscription format
  • Easy Renewal: Subscription license per user per year  
  • Choice of Trust Model: HID WorkforceID Digital Credential Management takes care of the certificate authority portion of management, which can be either publicly or privately managed at no additional cost for PKI (Public Key Infrastructure)
    • Allows you to use MFA (multi-factor authentication) without hassle
The HID USB-C Security Key can log in to web applications such as Dropbox in lieu of relying solely on passwords.
  • Reliable: HID’s WorkforceID web portal is 99% available, both for managing the Digital Credential Management portal and for using the portal for PKI (Public Key Infrastructure) validation, allowing for a seamless workflow
  • 24×7 Customer Support: You have the technical support that you need wherever you are in the world.
  • Leave a Paper Trail: Status and audit reports are available for download to meet compliance requirements and reduce liability costs.

Where Can I Find Out More About WorkforceID Digital Credential Management?

Breathe a sigh of relief knowing that you have solved your credential hassles at work! You have achieved the goal that you set out today at work and have found a solution to make your boss happy.

Take advantage of our latest deal with HID Global, where you can get a year of HID WorkforceID Digital Credential Manager free when you purchase an order of 100 HID Crescendo Security Keys or HID Crescendo 2300 Smart Cards. Utilize both of these technologies to not only log in to your workstation but also access your business’ locations.

Author: Carl Hughes, Sales/Marketing Specialist

A technical hobbyist interested in learning the nitty-gritty of computers.

How Can Biometrics Help You Secure Your Business, and How Can Tx Systems Protect You?

Estimated Reading Time: 10 minutes

You may not have thought about anything besides passwords as they have become ingrained into our interactions with the web and our various accounts online, but there are some nifty methods out there. These login methods come right out of Star Trek!

Have you ever thought about logging into your Facebook account using facial recognition, fingerprints or voice activation?

Biometrics such as the color of your iris or the patterns of your fingerprints offer a stronger way of logging in to an account. It certainly would take more time for a hacker to steal a fingerprint than crack a password because they would have to physically lift it off a surface that you had touched. Many of these hackers come from all over the world, so they would not have direct access to your day-to-day life where you leave your fingerprints everywhere.

So, by adopting biometrics, you are making it harder for them to access your account, thereby creating another hurdle and increasing the chance that your data stays safe.

If you are wondering what biometrics are, and what they are used for then take a look at this video here from IDEMIA which is one of our partners.

SecuGen (est. 1998), a reputable and well-known U.S. fingerprint reader manufacturer, sells many fingerprint readers that conform to standards such as FIPS 201 and ISO 19794-4, which ensure that fingerprint images are read accurately and stored with the utmost care. FIPS 201 specifically was established by the federal government for authentication of its employees, so you know that these devices are going to be much harder to crack.

The Hamster Pro 30 is the newest product in the Pro line and has a better fit for those with larger hands while still maintaining an ergonomic appeal and high levels of security by adhering to FIPS 201 for PIV standards and Mobile ID FAP 30.

Hitachi (est. 1910) is a household electronics conglomerate based in Tokyo, Japan that is focused on developing solutions to place the world on a positive track towards solving widespread problems such as climate change and health concerns. It offers both the Hitachi H-1 Finger Vein Scanner and the Hitachi VeinID Five Windows Password Replacement to log in to your Windows workstation. Hitachi has a long history of developing camera equipment, laptops and TVs. As a result, with these fingerprint scanners and their imaging capabilities, you can be assured that their passion for electronics and the quality of their products show up here.

The Hitachi H-1 Contactless Finger Vein Scanner will take your Windows login scheme to the next level with the ability to see beyond your skin while being entirely non-invasive.

Kensington Computer Products Group (est. 1981) is well known for their physical laptop security with the ubiquitous Kensington lock showing up today in many laptop products. With a headquarters in Burlingame, California, it knows a thing or two about logical access and offers fingerprint readers in addition to physical locks to ensure that an intruder would not only be unable to steal your physical laptop but be prevented from accessing your data on your hard drive.

The Kensington VeriMark Fingerprint Key is a mobile-forward fingerprint reader that can fit easily on a key ring for on-the-go authentication.

Identos (est. 2014) is a German-based cybersecurity company that is focused on identity access management for mobile devices from organizations in industries such as government, healthcare and financial services. Their products include smart card readers and fingerprint readers for easy MFA (multi-factor authentication) applications.

The Identos Tactivo Smart Card Reader and Optical Sensor is a perfect combination for MFA purposes when you need on-the-go login into your online accounts through your Android smartphone.

What Are Some Examples Of Biometric Controls?

What is Facial Recognition, and How Does It Work?

Creating an extremely expressive facial expression makes it much harder for a hacker to copy that photo to use as a login tool. Given how long passwords have been around and the many tools at a hacker’s disposal, they would rather use a tried-and-true method such as password cracking than test the waters with biometric methods.

Facial recognition works through the front-facing camera on your phone or the web camera on your desktop. With this facial scan, it recognizes certain key aspects of your face to form a better identity of who you are. This depends on the implementation used, but it could be from multiple pictures captured at different angles. This is then stored for future reference to unlock your phone. You are then prompted to place your face in front of the camera the next time you try to log in.

Facial recognition supports logical access functionality by scanning your face to register features that are unique to you.

What is Voice Recognition, and How Does It Work?

Voice recognition is one of the next waves of biometric login that is slowly starting to be adopted in industries such as banking for its ease of use and its application in account verification.

Voice recognition uses the unique voice that all people have and tries to identify the person on the other end. Given that everyone has a unique voice based on phonetics and morphology, this will make it much harder to crack. In addition, widespread adoption will be much easier given that many people are used to interacting with voice-activated systems such as the Alexa and Google Home smart speakers.

To use this, a microphone is all that is needed, and one is included on all smartphones today. A few situations where this would be ideal include:

What is Fingerprint Reading, and How Does It Work?

Want to use the minutiae (patterns) on your fingerprint to log in to your computer at work? We offer fingerprint readers from SecuGen that will provide strong peace of mind by keeping your documents away from any intruders at work or wherever you decide to work. You might be wondering if someone could use a fake finger modeled on your fingerprint, or a print lifted on Scotch Tape. Fake fingers are not a concern either, as Fake Finger Rejection will detect silicone or 2D/3D models of fingers and their fingerprints. If you are leaning more towards Kensington products, they also have your back with an extremely low False Rejection Rate (FRR) of 3% and a False Acceptance Rate (FAR) of 0.002%, meaning that you will not be locked out of your account while unwelcome guests are kept at bay.

Adhering to standards set by the FBI, FIPS 201 and FAP 20 Mobile ID requirements while accounting for difficult fingers using a proprietary Smart Capture technology, SecuGen is prepared to handle secure authentication. Their SEIR biometric technology is also included with their advanced optical sensors, which makes these fingerprint readers perfect for PIV smart card applications. With encryption technologies used to store fingerprint data, you will not have to worry about the templates being intercepted and reengineered.

All of this sounds great in theory, but where can you use this? These readers can be used in physical access control, POS systems, employee attendance and many more applications. They are all fantastic for MFA (multi-factor authentication) for both server-based and cloud-based applications in use at your business, which include Dropbox, GitHub and the Google Suite depending on the fingerprint reader in question. They can also secure email, web browsing and document access and signing.

Ultimately, SecuGen’s fingerprint readers are durable, reliable and are easily usable by anyone looking to secure their business regardless of their finger’s condition and offer the comfort of an ergonomic design. All are very quick and have a verification time of less than five seconds.

Overall, most of the fingerprint readers that we offer will work with major operating systems such as Windows, macOS and Linux and work via the USB interface. SecuGen’s fingerprint readers are compatible mainly with Windows, Linux and Android operating systems whereas Hitachi offers Windows support only. For mobile fingerprint readers, be aware that the models will be specified to the operating system that they are compatible with whether that be Android or iOS.

Do Any of Your Fingerprint Readers Also Come with a Smart Card Reader?

Some of these readers also incorporate a smart card reader with the fingerprint reader leading to an easy implementation of MFA for your workstation. The models listed below will fulfill what you are looking for.

The SecuGen Hamster Pro Duo CL USB Fingerprint Reader incorporates a contactless NFC-based interface meaning that it would be ideal for supporting contactless payments.

Smart Card Reader/Fingerprint Reader Combination:

SecuGen Hamster Plus USB Fingerprint Reader
The SecuGen Hamster Plus USB Fingerprint Reader is an example of a sole fingerprint reader without the extra smart card reader included.

Readers We Sell:

Fingerprint Sensors We Sell:

For portability and use with mobile devices such as smartphones and laptops, take a look at the fingerprint readers below!

The Identos Tactivo mini combines support for iOS while allowing for both fingerprints and smart cards in one device. Talk about being perfect for MFA on-the-go!

Mobile Readers We Sell:

When relying on finger veins with the Hitachi H-1 Finger Vein Scanner, you are using a method that is both internal and unique to every human being. No more fears of having your fingerprint lifted and used!

What is Finger Vein Scanning?

For even more secure Windows login compared with fingerprint reading, take a look at finger vein scanning which is able to take a picture of the blood veins within your hands. No two blood veins are the same, and it will only work with a live hand. It is almost impossible to replicate these vein patterns given that they are internal and that the templates which are used to verify the veins are encrypted and unable to be reverse engineered.

Unlike fingerprint reading, this is completely contactless as the finger does not need to touch the glass bed in order to verify your identity. It is extremely fast to authenticate with a less than 2 second time window.

It is perfect in applications that require high levels of security such as in financial institutions and physical access control for those in charge of valuable financial assets such as bullion and high-value bearer bonds. It is also great for logical access control on Windows-based workstations with Windows 7 or higher versions.

Hardware/Software We Sell:

Tx Systems Is A Trusted Source For Biometric Hardware/Software

If you are located in the U.S. and want to start implementing a fingerprint authentication scheme for your business, then we have a wide array of options from SecuGen along with portable options from Identos and Kensington. We carry even more products from SecuGen, including their embedded readers for OEMs such as the SecuGen U10 USB Fingerprint Sensor and their classic iD-USB SC/PIV Fingerprint Readers. With the security and ease of use of fingerprint reading, the robustness of the security protocols that they adhere to and the quickness of authentication, you can trust SecuGen to secure your physical and logical assets. We are a certified distributor of SecuGen products, among other hardware manufacturers such as Identos and Kensington, meaning that we are trusted to properly support you on your journey with these amazingly advanced fingerprint readers. Tx Systems has over twenty years of experience in the cybersecurity space and has provided our products to some of the largest players (Fortune 500) in multiple verticals.

Please visit our site to see our wide selection of biometric readers from leading manufacturers such as Kensington Computer Products Group or SecuGen!

Where Can I Find Out More About Biometric Readers?

If you would like to learn more about our biometric hardware and software selection then feel free to give us a call at 858-622-2004 or email us at sales@txsystems.com, and we would be happy to help.

Author: Carl Hughes, Sales/Marketing Specialist

How to Login to Google Using a FIDO KEY FAST (YUBIKEY Security Key Compatible)

EXPECTED READING TIME: 10 minutes

MFA or multi-factor authentication is growing in popularity thanks to its ease of use and the enhanced security it brings to your online accounts.

If you are looking to set this up to log in to the Google Suite, which includes apps such as Drive, Gmail, Hangouts and YouTube, then you have come to the right place. This simple guide will walk you through setting this up and will appeal to those who like to read instructions and watch them.

Who is Tx Systems, and why is this blog the BEST for Finding the ANSWERS you need for your technical support needs?

Tx Systems Blog is the ONLY blog that you need to answer all of your tech support questions for your cybersecurity needs. Forget about the manufacturer’s site, all you need is to read a blog article and you will have all your questions answered. We are a trusted partner, having started in 2001, with the largest smart card companies in the market such as ACS, HID Global and Identiv and have worked with some of the largest players (Fortune 500) in multiple verticals. We look forward to protecting both your physical and digital assets!

THIS IS EXACTLY WHAT YOU CAME FOR!

Steps:

Before you get started, you will need a security key.

If you are looking for smart card readers, look below at some of the options that we sell.

List of FIDO-compliant security keys offered by TxSystems:

A recommended security key would be the Identiv FIDO2 NFC Security Key, which comes with the FIDO cryptographic keys stored on the USB drive’s circuit board. To provide enhanced security, these keys are programmed to change when used on different websites.

The Identiv FIDO2 NFC Security Key will log in to many of the web applications that you use on a daily basis such as Facebook, Google and Salesforce.

The Identiv FIDO2 NFC Security Key is essentially a durable, plastic flash drive in terms of how it is set-up; however, it is not meant to store your files as a flash drive is. Within its internal circuit chip, it houses all of the security protocols and code for it to be used for website login. It also includes an NFC antenna within the device; hence the NFC support. The electrical contacts are also made to resemble USB ports; however, some have a split USB with only half a port because it does not have a strong electrical output.

*To find out what FIDO means, take a look at our blog article “What does FIDO (Fast IDentity Online) mean?”

Most people tend not to think about how a flash drive works, but taking the time to understand it will probably build your appreciation.
  1. Take your security key out of its packaging and be sure to avoid scratching the electrical contacts, as this will affect its connection with your computer.
  2. Keep the FIDO security key in your line of sight to avoid losing it.
    1. These devices are extremely small and can slip between cracks readily.
      1. For example, the Identiv FIDO2 NFC Security Key is less than 2 inches on all sides so losing it may be the easiest thing that you do with it!
  3. For pairing this with your Google Account, take a look at “Use a security key for 2-Step Verification” from Google Account Help.
    1. 2-Step Verification, or what is commonly known as MFA (multi-factor authentication), means that you will need to provide two forms of credentials to log in to your Google account such as a text code, phone call, mobile prompt or password.

*MAKE SURE THAT YOUR BROWSER SUPPORTS THE SECURITY KEY:

  • Chrome
  • Firefox
  • Safari (13.0.4 or higher)

*Not all devices support security keys

4. Before accessing these settings, you may be prompted to verify your identity by entering your password and then providing your phone number, as this will allow Google to provide an additional means of verifying your account if you lose your security key.

  • Phone prompts
  • Verification codes
  • Second security key
  • Backup Codes
  • App-based codes such as the Google Authenticator app
  • Look under Security Key to select the link that states “Add Security Key”

You will be prompted with “Choose your security key”, where you will want to choose “USB or Bluetooth”.

  • From here, you will be prompted to plug your security key into your USB port and then tap the security key button. Devices such as the Identiv FIDO2 Token or the Hypersecu HyperFIDO Pro Mini will actually light up when they need you to verify your identity (as seen by green and orange LED lights flashing rapidly).

*Actions include tapping, pressing, insertion/reinsertion or a mix of these actions

5. Depending on the model that you purchase, you may have a USB Type-A or USB Type-C port. Certain FIDO security keys have both options available such as the Identiv FIDO2 Key, the HID Crescendo Key and the Hypersecu HyperFIDO Titanium Pro.

  • If you are using a macOS-based system, it would be best to choose USB Type-C, as USB Type-A ports are being phased out on macOS computers. USB Type-A ports are much more common on PCs.

6. Lightning connectors on macOS computers are not the same as USB-C ports. Although they look similar, they are different standards. The Lightning connector is a proprietary connector that was designed for Apple devices, whereas the USB-C port was designed to be used on a wide variety of systems and devices (both macOS and Windows-based computers).

7. Click Next. You will then need to name your security key, which can be anything you like.

8. Once that is set up, you should be prompted to sign in to your account by touching the security key for verification, whether that means a button, a fingerprint or simply having it in the USB port. You are now logged in without having to use a password for it.

You may be asked by your browser for it to allow it to see the “Manufacturer” and “Model” of your FIDO security key.

9. By clicking “Allow”, you will be able to have the browser access this.

Here are some videos that should clear up this process, as it can be kind of a doozy to find.

10. After setting up the uTrust FIDO2 Token, upon the next login, you will be prompted to enter your password which will then take you to another screen to touch the security key.

You can also choose to make this a trusted computer so that you will no longer have to physically touch the security key in the future.

Only do this for home/business computers rather than public computers.

The Hypersecu HyperFIDO Titanium PRO FIDO2 USB 3.0 Security Key is a breeze to configure on Google with its native support for multi-factor authentication. You can also use other security keys such as the HID Crescendo Key.

For driver support on major operating systems, Identiv offers a macOS driver on their website. Operating systems such as Windows, Linux, Google ChromeOS and Android WILL NOT require additional drivers as they have native support.

  • Click here for the macOS driver which will download immediately after you click it.

IDENTIV SECURITY KEY MANAGER SOFTWARE

Identiv is starting to offer their uTrust Key Manager Software as a beta program. If you are interested in downloading the software after purchasing an Identiv FIDO2 Key, then Contact Sales for more information. Upon testing out the Beta program, you will receive three FREE security keys, customer support to lead you along the way and discounts for your first order from Identiv’s site.

  • Check firmware version
  • Display serial numbers
  • Change/reset FIDO2 PIN
  • Load shared OTP secret
  • Transform key into PIV- and PUK-compatible smart card
  • Reset PIV PINs
  • Configure PIV certificates
  • Set-up Windows 10 login

This program will assist you in setting up FIDO2, your one-time password and PIV capabilities for both the uTrust FIDO2 NFC+ Security Key and the uTrust FIDO2 GOV Security Key.

Time to start your SECURE Future with Security Keys

See, that was not hard at all. Luckily, these manufacturers such as HID, Hypersecu and Identiv have made this process extremely seamless. You are now ready to start logging into your online accounts with a simple press or tap.

We are here to assist on your journey towards implementing security keys. Feel free to contact us at 858.622.2004 or sales@txsystems.com for technical support on your security key implementation.

Author: Carl Hughes, Marketing Intern

Five Facts You Should Know About SSO

1. What is it?

If you have ever opted to “Log in with Facebook” or “Log in with Google” to access an account that is neither of those two, then you have used SSO! Single Sign-On, otherwise known as SSO, is an authentication service that allows you to access multiple different accounts while only having to log into one. The process of logging in with another account adds great ease as you don’t have to create or remember credentials for yet another website. That is the beauty of SSO: it combats password fatigue. When an SSO application is implemented, you have the option of logging on to a portal in which you see icons for Gmail, Facebook, LinkedIn, etc. All you have to do is click one of those and you’ll automatically log in without reentering information, since you have already logged into the portal.

2. The History Behind SSO 

Forbes reports that SSO was born in the late 1980s as an IAM (Identity and Access Management) system, with the goal of helping consolidate login credentials for businesses and government agencies. As the world began to digitize, so began the habit of keeping passwords on post-it notes, forgetting and creating weak passwords, and cyberattacks. SSO sought to solve these issues by creating a better way to keep your information secure, not only within, but across, internet applications.

3. Benefits of SSO 

Single Sign-On has many benefits, both to business and end users. SSO exponentially increases user convenience, transparency, speed, and security while also being shown to lower IT overhead costs. Only having to remember and input one set of credentials helps you get into accounts faster and with more ease. Transparency is also ensured when using a delegated SSO system: much like when you download an app on your phone and give it permission to access data across platforms— you can easily opt out of sharing. Single Sign-On also increases security by enabling complex authentication policies, randomizing passwords, and enabling re-authentication as needed. Further, implementing SSO also has tremendous organizational security benefits: especially in the way of revoking account access and deleting employee accounts after their termination. If you remember, this is the exact vulnerability that led to Colonial Pipeline being compromised earlier this year. 

4. The Myth that SSO Can Make You Vulnerable 

The argument that SSO may lead to more vulnerability is outdated and can be easily counteracted by proper use and implementation. The fear stems from the worry that if someone got ahold of your credentials they would be able to unlock your entire digital persona— putting all of your applications at risk. But, there is a simple fix for this: enabling Multi-Factor Authentication in order to add a layer of security that can not be hacked or compromised (like a fingerprint or token). By combining Single Sign-On with Two-Step or Multi-Factor Authentication you’ve not only maximized convenience and efficiency, but you have now stopped 99.9% of threats to your accounts.

5. You Can Implement SSO With Digital Persona Premium 

Digital Persona is software that provides secure access and authentication to users. It is a tool for Multi-Factor Authentication and is widely used and trusted by businesses and government agencies alike. With Digital Persona Premium, you can implement Single Sign-On and reap numerous benefits, ranging from added security to added efficiency. This browser-based SSO Portal gives easy access to SAML-enabled apps. The Password Manager provides Single Sign-On and enforces strong authentication without modifying underlying applications. This feature can also securely store, update, and auto-fill passwords. For more information on Digital Persona Premium and implementing Single Sign-On, check out our website at https://www.txsystems.com/digital-persona

Multi-Factor Authentication

What is it and why is it important?

The average American has 150 online accounts. These accounts all have one thing in common: they require the owner of the account to have a username and password. The process of entering these credentials is called authentication: proving you are who you say you are. Unfortunately, this alone is not secure enough, especially when it comes to things like online banking or your business. Usernames can be easily found by hackers; oftentimes it can be as simple as knowing their target’s email address. And let’s be honest: passwords are hard to remember, which often leads to people creating very simple ones and using them across multiple different sites. In fact, in 2016 it was found that 73% of passwords used are duplicates. This is very dangerous and leaves you vulnerable to cyberthreats that are easily preventable.

The solution? Multi-Factor Authentication or MFA technology. By using a secondary form of authentication, what we call a second “factor”, you can prevent 99.9% of threats to your business. A secondary factor comes in many different forms. It can be:

  • Something you have (e.g. a physical device, card, or token)
  • Something you know (e.g. a password or a PIN)
  • Something you are (e.g. a biometric such as fingerprint or face scan)
  • Something you do (e.g. behavioral metrics)

It is important to note the need to combine two different factors. Two passwords, or a password and a PIN, will not be the optimal solution: if a hacker can compromise one password they can compromise a second just as easily. However, when you combine two differentiated factors (like a password and your fingerprint) the chances of getting breached go down to almost none. Someone can easily steal your password, but it is far more difficult to reproduce someone’s fingerprint!


Tx Systems specializes in providing you and your business with MFA solutions that are easy to implement and incredibly secure. Safeguarding your employees and your business from cyberthreats is of great importance as hacking attempts become more advanced and prevalent. Multi-Factor Authentication ensures a peace of mind that is second to none. Allow our team of experts to find the solution that fits your needs and safeguard your business today. Check out our website for a full picture of all the MFA solutions we offer at https://www.txsystems.com/multi-factor-authentication.

Identos Releases the Tactivo for iPhone 7/8


As of January 1st, 2018, Identos GmbH has acquired and taken over all production and management operations of the Tactivo Mobile Smart Card Solutions line previously owned and operated by Precise Biometrics. The first Tactivo model released under the Identos name is the Tactivo Mobile Smart Card Reader for iPhone 7 & 8. Its sleek design and snug fit make it the perfect Smart Card Reader Case for anyone looking for a high level of security with the convenience of a mobile smart card reader.

Tactivo readers can be used for a wide range of applications found in many industries such as healthcare, government, military, and enterprise business. The reader uses multi-factor authentication by combining smartcard verification and a PIN code in order to provide secure access to resources from a mobile device. It gives the user the peace of mind of knowing they can access all of their smartcard-required mobile resources with the convenience of their mobile device.

The new model, being nearly identical to the Tactivo for iPhone 6/6s, will allow for a seamless upgrade to the new iPhone 7/8 version. As of today, there have been tens of thousands of Tactivo Smart Card Reader Cases purchased by US Federal Government agencies, including military and civilian users accessing OWA emails, NKO, AKO, AF portals and SharePoint sites, as well as countless other non-government entities. With the use of these mobile reader cases, Identos is enabling the DoD to accomplish mission critical tasks that increase workforce mobility, without sacrificing security.

If you are interested in the Tactivo Smart Card Reader for iPhone 7/8 and would like further information, please fill out the contact form below.

Thank you!

What NIST 800-171 Means for Your Sensitive Federal Information

The National Institute of Standards and Technology (NIST) released Special Publication 800-171 pertaining to all DoD and Federal contractors with access to Controlled Unclassified Information (CUI). The publication encompasses the protection of sensitive federal information and CUI in non-federal information systems and organizations. The Defense Federal Acquisition Regulation Supplement (DFARS) deadline for NIST 800-171 compliance was on December 31st 2017. Over the last four years, those federal contractors have implemented the standards at a record pace and have used consulting agencies such as Manufacturing Extension Partners (MEP) from NIST to do so. MEP aids in cybersecurity assessments for individual manufacturers striving for government contracts to increase their customer base. These free self-assessments are provided online in multiple formats: infographics and PDF guidebooks. The MEP provides a plethora of resources to take the initial steps towards becoming NIST 800-171 compliant and winning profitable government contracts. The BEST of these resources is the NIST Self-Assessment Handbook, which is 150 pages of insightful advice tailored to various manufacturing situations. However, if you do not feel like reading this entire book, then take a look at this NIST SP 800-171 Webinar by NSF International that summarizes crucial points of the NIST Self-Assessment Handbook.

What are some examples of implementations of NIST 800-171 standards?

As the NIST 800-171 standard states, it applies to ANY organizations utilizing non-confidential information in their databases and storing that data in mass storage devices such as flash drives, hard drives (mechanical or SSD) and network-attached storage devices (NAS) among others. Some notable examples include research institutions such as universities that carry out federally funded research projects such as testing of controlled substances that are scheduled under the DEA Controlled Substances Act. As a result, universities such as the University of Cincinnati have developed their own NIST 800-171 Compliance Guideline manual, which speaks on how the university is identifying gaps, who is responsible for doing so and what actions can be taken to fill those gaps. In addition, the University of Connecticut has also developed their own NIST 800-171 Security Control Requirements checklist for their Principal Investigator (PI) to use to implement and maintain the federal standards in research settings. They have also tabulated the NIST 800-171 Control Requirements separately from the PI standards implementation to show how they are meeting those standards. Both of these compliance documents are great examples to base your own on if you are interested in winning government contracts post-deadline, and they showcase how to demonstrate your own organization’s commitment towards compliance.

Besides universities and government funded research, businesses and financial institutions (state grant agencies, lenders and third-parties) that handle federal student loan information have to comply with the NIST 800-171 and the 109 controls set in place. Given that they hold sensitive information such as first and last names, addresses, telephone numbers and emails and, most importantly, banking and social security identifiers, it is essential that these organizations stay on top of their security. A single breach can reveal extremely lucrative PII (Personally Identifiable Information) for hackers to sell on the dark web or to use for their own financial gains. That is why the NIST 800-171 was revised to include this type of information. For more background on this protection of federal student aid information, take a look at the FSA’s electronic announcement from December 18, 2020.

To face these challenges, organizations such as EDUCAUSE have reported on the upcoming plans of requiring self-assessments on organizations with federal student loan data, although there is uncertainty about how these will be implemented and about the requirements for this assessment. EDUCAUSE goes into more of the questions raised for the FSA to answer and stresses the participation of key stakeholders. To read more on their concerns, take a look at 800-171 Compliance on the Horizon. Overall, the goal of the FSA is to ensure that, throughout the entire process of using and storing loan data, it is not misused by bad actors and that a proper system maintains its security. This new standard will be ALL encompassing as most of the information from the FSA will be covered.

What to keep in mind after your NIST 800-171 compliance research?

After your research, you may have found some very large gaps within your data handling. If so, then we have the answers to your dilemma. Tx Systems provides Identity, Authentication and Access Control solutions that meet the NIST SP 800-171 to the HIGHEST levels of Federal Government standards.

These are some of the key NIST SP 800-171 standards:

  • (3.5.1) Identify information system users, processes acting on behalf of users, or devices.
  • (3.5.2) Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems.
  • (3.5.3) Use multi-factor authentication (MFA)/two-factor authentication (2FA) for local and network access to privileged accounts and for network access to non-privileged accounts.
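
As an added illustration (not part of the original article or any vendor's product), the Python sketch below audits constructed login records against requirement 3.5.3, counting factors by category so that a password plus a PIN is treated as a single factor. The authenticator names, the `LoginEvent` fields and the sample events are assumptions made for the example.

```python
from dataclasses import dataclass

# Factor categories follow the article's list. The authenticator names
# on the left are assumptions made for this example.
FACTOR_CATEGORY = {
    "password": "know", "pin": "know",
    "smart_card": "have", "fido2_key": "have", "push_approval": "have",
    "fingerprint": "are", "face_scan": "are",
    "typing_pattern": "do",
}


@dataclass(frozen=True)
class LoginEvent:
    user: str
    privileged: bool        # privileged (admin) account?
    access: str             # "local" or "network"
    authenticators: tuple   # authenticator names presented at login


def factor_categories(authenticators):
    """Return the distinct factor categories; reject unclassified names."""
    unknown = [a for a in authenticators if a not in FACTOR_CATEGORY]
    if unknown:
        raise ValueError(f"unclassified authenticator(s): {unknown}")
    return {FACTOR_CATEGORY[a] for a in authenticators}


def is_multi_factor(authenticators):
    """True only when at least two different categories were presented."""
    return len(factor_categories(authenticators)) >= 2


def mfa_required(event):
    """Scope of 3.5.3: privileged accounts for local and network access,
    non-privileged accounts for network access."""
    if event.access not in ("local", "network"):
        raise ValueError(f"unknown access type: {event.access!r}")
    return event.privileged or event.access == "network"


def audit(events):
    """Return (user, reason) for every login that needed MFA and lacked it."""
    findings = []
    for event in events:
        if mfa_required(event) and not is_multi_factor(event.authenticators):
            seen = sorted(factor_categories(event.authenticators))
            findings.append((event.user, f"{event.access} login used only {seen}"))
    return findings


# Constructed sample events, not real log data.
SAMPLE_EVENTS = [
    LoginEvent("alice", True, "local", ("password", "smart_card")),
    LoginEvent("bob", True, "network", ("password", "pin")),
    LoginEvent("carol", False, "network", ("password",)),
    LoginEvent("dave", False, "local", ("password",)),
    LoginEvent("erin", False, "network", ("fido2_key", "fingerprint")),
]

if __name__ == "__main__":
    for user, reason in audit(SAMPLE_EVENTS):
        print(f"3.5.3 finding: {user}: {reason}")
```

Unclassified authenticator names raise an error rather than being counted, so a new login method cannot silently pass as a second factor.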


  • To meet the System and Communication Protection requirements, organizations can implement HID’s ActivClient for Windows Logon, Email Encryption and Digital Signing of Documents, among other application authentication uses. We also offer ActivClient solutions for macOS and Linux to support a diverse set of environments. With a WIDE adoption of millions of DoD and Federal employees using ActivClient, it is a STRONG choice for governments and enterprises to utilize for data protection.
  • To meet the Logical and Physical Access Control requirements, Tx Systems can specify and provide physical access control systems (PACS) from HID Global and SecuGen. In addition, Tx Systems carries ADDITIONAL physical access systems from IDEMIA such as their Enterprise Security Physical Access Control Reader.
  • To meet the Identification and Authentication requirements, Tx Systems offers multi-factor authentication (MFA) devices such as tokens and security keys from well-known manufacturers such as Identiv and Kensington. A notable option would be the Identiv uTrust FIDO2 NFC Security Key which supports a variety of web application logins with SalesForce, Facebook and Dropbox.


By implementing these solutions, you can rest assured that your organization complies with the following three main portions of NIST SP 800-171:

  1. Physical and Logical Access Control (Idemia Enterprise Security Physical Access Control Reader)
  2. Identification and Authentication (Identiv uTrust FIDO2 NFC Security Key)
  3. System and Communication Protection (ActivClient)

For more information regarding the specific requirements for the different information types, you can locate them in the NIST publication.

Tx Systems offers a variety of security solutions that can help your company meet NIST 800-171 requirements. Learn more at txsystems.com or feel free to send us an email at sales@txsystems.com.

This blog post was a collaboration between Carl Hughes and Brenda Sayab.

HID Global Releases Next Generation Mobile Authentication

HID Global has announced the release of their latest security solution for Identity and Access Management called HID Approve. As a Value Add Distributor for HID Global, Tx Systems is currently supporting the HID Approve solution in all stages from pre-sales support and qualification to final deployment and ongoing maintenance/support.

HID Approve

HID Approve is a next generation mobile two-factor authentication solution that leverages Push Notifications on all mobile platforms to either Approve or Deny login requests from any number of authentication portals. Whether you are a banking institution wanting to increase login security of your customers, or an enterprise looking to secure network authentication from both inside and outside of the firewall, HID Approve is a fantastic choice to increase identity assurance with a sleek user experience and a friction-less deployment process.

How it works:

HID Approve is powered by the HID Authentication Server which can be deployed as either a hardware or virtual appliance. When the Authentication Server is in place, users simply download the HID Approve app on either Android or iOS and register the app using their user credentials which will link them to the organization’s authentication server. The registration process is made simpler by allowing the user to scan a QR code on the organization’s login screen to connect their device to their existing account. With just a few simple steps, a user can be enrolled into the system and using the HID Approve solution for added logon security.

This solution is also extremely customizable in its aesthetic capabilities. Made with corporate branding in mind, HID Approve allows companies to change the look of the app to include corporate colors and company logos within the app to make it look like an in-house solution. For more information on how HID Approve can increase your authentication security and company profile, please contact us.

-Eric Gregg, Director of Sales

ActivID® Tap Authentication™


HID Global is continuing to innovate their product line to support emerging technologies in the Microsoft ecosystem. The latest solution, called ActivID® Tap Authentication™, is the industry’s first solution for secure, fast, easy authentication to Microsoft® Office 365 and other cloud-based apps, such as Salesforce.com, from your Android™ phone or Windows® tablet or laptop. This solution is the first of its kind because it uses the device’s integrated NFC reader to authenticate to the card, making ActivID Tap user authentication simple, convenient and cost-effective while adding two-factor authentication to increase security over simple user name and password authentication. Now you can Simply Tap™ the card to the employee’s device to access the applications and services you need to do your daily work.

The solution connects and verifies users in the cloud via a Microsoft Active Directory Federation Services (ADFS) plug-in and HID Global’s Authentication Cloud Service, eliminating the need for on-premise hardware or service contracts to maintain. The user experience is secure and easy to use, and addresses the problem many companies are faced with in today’s BYOD environment.

ActivID® Tap Authentication™ utilizes HID Global’s newest and most secure card technology known as SEOS. The SEOS platform is ideal for corporations who are looking to offer their employees the most secure technology with the freedom to leverage the credentials in future applications, either on a PVC card or digitally for mobile access control.


Introducing the RFIDeas PcProx Nano: World’s Smallest Prox ID Badge Reader!

RFIDeas recently released the PCProx Nano, making it the smallest prox (125 kHz) ID badge reader on the market. Designed for the mobile user, the PCProx Nano’s small size (3 3/8” x 2” x 0.6”, 4oz.) allows users to perform a variety of functions like tag/card based two factor authentication, asset tracking or time and attendance without the concern of carrying around a bulky reader or damaging a larger dongle style reader.


As the world increasingly moves toward mobile, the RFIDeas PCProx is a perfect fit for laptop and tablet users needing a small, reliable 125 kHz Prox reader. Combining the RFIDeas PCProx reader with the 2FA One two factor authentication software creates a powerful Windows Log On security solution for CJIS and HIPAA compliance along with any two factor authentication requirements.

For more product information on the RFIDeas PCProx reader or to purchase ($179 per) please visit Tx Systems’ website. Additionally, see below for the full feature set overview.

Features

  • Connectors and software interface:
    The standard USB model (Enroll) connects directly to a USB port and can send data as keystrokes or work with the optional Software Developer Kit (SDK). The RS-232 model connects to a standard serial PC COM port and sends data as ASCII. The CDC model emulates a virtual serial device.
  • Compatibility:
    Compatible with Windows CE®/2000®/XP®/Vista®/7®, Macintosh®, Solaris™, ThinManager® thin clients, and Linux. (Free configuration software required on Windows® operating system.)
  • Improves accuracy of information and productivity:
    Eliminates errors associated with individual identification.
  • Versatile mounting options:
    The standard desktop housing allows for easy placement on desktop surfaces or for mounting on kiosks, monitors, time clocks, and more. The new USB Nano housing easily plugs directly into any laptop or tablet with a USB port.
    *Also available in a Surface Mount design.
  • Plug-n-play installation
  • Fully programmable and customizable user defined fields
  • Compatible with millions of cards in use worldwide