Virya Technologies rolling out Two-Factor Authentication to all clients

Written by 
27 Nov 2013

Security is always top of the agenda in today's society, and here at Virya Technologies we always try to stay ahead of the game in this regard. One of the most important take-home points we learned from attending the Joomla! World Conference was the ease of using Two Factor Authentication to tighten up security - not only for the websites we look after, but also for the servers we manage.

Two-Factor Authentication enhances the standard authentication protocol we use - which generally require a username and a password - by adding in the requirement for something that only you can have in your posession. You may have seen this kind of technology in use in other situations - for example smart-cards are often used in the National Health Service for this purpose.

What really made us sit up and take notice was the implementation of support for Yubikeys in the core of Joomla! 3.2 which was released in November 2013.

 press yubikeyandkeys whiteA Yubikey is a small device which fits on a keychain, and is inserted into the USB drive of your computer  It comes in a couple of different varieties including the standard, Neo, VIP and Nano.  We will be giving customers the option to choose which type of Yubikey you would like to have within your organisation - remember that these can also be used with a range of other applications including the popular LastPass system.

Yubikey in laptopOn pressing the gold button a One Time Password (OTP) is generated for use in an application or anything requiring authentication.

This password can then be checked against the Yubikey that is owned by the user logging in and verified in real time against either the YubiCloud server, or a server hosted on your own infrastructure.

The One Time Password is only valid for that use - it is immediately invalid thereafter - so even if the password were recorded, it would be useless.

How does this work with Joomla?

With our Joomla! 3.2 sites we will simply be enabling 2 Factor Authentication using the core plugins which ship with Joomla. The logins we use in the office will all be using YubiKeys by the end of November, and commencing in December we will be issuing Yubikeys to clients to facilitate Two Factor Authentication for their administrator users.

With sites running lower than 3.2, we will be installing some plugins which allow us to use the Yubikey Two-Factor Authentication system during December, and rolling out Yubikeys to clients during the New Year.

What will it cost?

We will be providing Yubikeys to clients at cost rate - you will require one for every user who logs into the 'back end' of your site as each key can only be associated with one user. Your account manager will be in touch during the coming months to ascertain how many you require and organise despatching them to you. We can also provide clear instructions as to how to implement this system if you would rather set up Two-Factor Authentication yourself.

Why bother?

We have had to recover a number of hacked and damaged sites in the past which have been compromised due to the username and password being guessed, stolen or simply compromised. While adding Two-Factor Authentication does not guarantee your site will not be hacked, it does add an extra level of security. We will also be implementing stronger password security on all sites running Joomla 3.2 and later.

What about servers?

Any clients who routinely interface with their servers via SSH or any other modality will also require a YubiKey to carry out these actions. Our Linux team lead will be in touch with you in due course to ensure that sufficient YubiKeys are ordered and to discuss the implementation of Two-Factor Authentication on your servers.

Last modified on Wednesday, 27 November 2013 16:34
Ruth Cheesley

Ruth is the owner and director of Virya Technologies, having founded the company in 2002 as Essex Virus Removals and later rebranded to Suffolk Computer Services. She is primarily involved with the management team of website design and contact with our customers around the world.

Website: www.viryatechnologies.com

Leave your comments

0 Character restriction
Your text should be more than 10 characters
terms and condition.
  • No comments found

Training Courses

There are no courses in the selected category

Looking for our open source software?

viryasoftwarelogo

We release and support our open source software at Virya Software

Forthcoming events

No events found

Latest tweets

Virya Technologies If you work in Marketing, SEO, SEM, or any related fields and you're based in/around Suffolk, make sure this is on y…https://t.co/p6Pa8rF4dv
Friday, 06 February 2015 08:43
Virya Technologies We will be conducting essential hardware maintenance from 11pm GMT tonight on our Prajna server, which will result in a period of downtime
Sunday, 01 February 2015 14:48
Virya Technologies We are aware of an outage on our shared hosting server Prajna and are working to resolve this urgently
Monday, 13 October 2014 12:43

Follow ViryaTech on Twitter