Authentication is a process that you tell the system who you are. This is a must have step of any business management system and this is getting more and more critical in the recent days to ensure that the system can only be accessed by a proved user.
So, If that is a must have and important step then what are the options that you should look and consider to apply?
Simple authentication
Said its simple, since you will only need provide a username and a simple structure password that’s managed by a system to get access into it. This option is normally applied by some cloud system such as: cloud CRM, online shopping, or some of social network frameworks. You might feel relax by having that kinds of simple authentication but then on another side it would be easier to be guessed by another person.
So the proposal that you might take for this circumstance is lets configure a more complex, hard to guess password to protect your data. (please see the next option for how a complex password would be).
Complex authentication
For more sensitive business management system, you are recommended to implement more complex structure password or authentication processes. Following are the few options:
- Complex password policy: your password should be combined of various conditions:
- Must have at least 6 characters
- Must include all types of characters e.g capital characters, normal characters, digits, special characters ( e.g !@%^ …)
- Password should be expired and changed in 60 days or 90 days
- Or the current password must not be the same with at least 3 previous passwords
- …
- Implement multi-factor authentication – MFA (sometimes referred to as two-factor authentication or 2FA), this mechanism will add 1 (or more) layer into the authentication process by making it harder for another person to gain the access to the computer or a system because knowing the username and password alone. The common process is after the you already passed the username/password authentication, you will be provided 1 more set of code that you need to key in to be successfully login to a system.
There are few common ways to implement MFA below:
- MFA is done via a token device
- MFA via SMS
- MFA via email
- MFA via Google authenticator
- …
- Implement Single Sign-On (SSO).
SSO is a process that enabling a user to sign in once and then be automatically signed in to all of the web apps that share the same centralized directory. This option is more and more widely applied in the business management system implementation since it will ensure the corporate authentication policies are strictly followed and it does not cost extra time for the user to login to different application.
Common SSO options:
- SSO to the local Active Directory (AD) system
- SSO to Office 365 (Azure Active Directory system).
With Azure AD option, the MFA can be also enabled as a part of SSO process.