6 Two-Factor Authentication Pitfalls
This paper describes Two-Factor Authentication (2FA) pitfalls and how to avoid them. These pitfalls are not exclusive to a specific 2FA solution (e.g., One-Time Password (OTP), Out-of-Band (OOB), SMS, hard tokens) or to an implementation (e.g., on-premises, cloud). The discussion is based on TELEGRID’s experience integrating 2FA with network devices and applications. It covers the proper method to integrate 2FA into a web server, issues with “out of the box” settings, and secure centralized authentication and authorization. This paper is written for those with knowledge of web server technology, centralized AAA, and user provisioning.