Multi-Factor Authentication

Discussion created by taylorsharpe on Mar 28, 2013

As security becomes more of an issue, people are looking for more controls and tougher passwords. My standard solution still involves a Directory Service that has more control over passwords. But there are always questions about a hacker guessing a password. More and more my clients have started expressing an interest in providing multi-factor authentication.


Multi-Factor authentication means you use something in addition to the standard User ID and password to access a file. One common multi-factor authentication is where you have answered several personal questions (e.g., where you grew up, your favorite teacher, model of first car, etc.). This is easily implemented in a login script that asks you these questions and, if you get it incorrect, closes the database.


One method I like to use is to gather the UUID of computers logging in regularly and put them in an approved UUID table. When a computer logs in, it tests the UUID against the approved UUID table and if it does not match, it takes you to another authentication level. My favorite one is to inform the user they are logging in from an unknown computer and that an email has been sent to the person with that User ID with a code to authenticate who they are. This person has to go to their email to get the code and answer this prompt in FileMaker to access the database. If they get the code right, they then go into the approved UUID table so that this new computer is now authorized. Of course this assumes you have an employee table with each employee's Active Directory User ID and their Email, but most systems have that somewhere. Alternatives are to do things like sending an SMS text message. In the past I had used MAC addresses, but now that FM supports UUIDs, that is better and harder to fake.


Multi-Factor authentication appears to be gaining more interest. In the past, the IT people have been requiring longer and harder passwords, which has been very hard on employees. Multi-factor authentication avoids forcing people to use really complex passwords while giving a more secure level of authentication.
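
The unknown-computer flow described in the post (approved UUID table, emailed code, enrollment on success), sketched in Python as an added example; it is not the poster's FileMaker script. The class name `DeviceGate`, the `send_email` callback, the 10-minute lifetime, the three-attempt limit, and keying approvals on the (User ID, UUID) pair are all assumptions of this sketch.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 600      # seconds an emailed code stays valid (assumed value)
MAX_ATTEMPTS = 3    # wrong guesses allowed before the code is discarded (assumed value)

class DeviceGate:
    """Hypothetical stand-in for the approved-UUID table and the email challenge."""

    def __init__(self, send_email, clock=time.time):
        self.approved = set()   # (user_id, device_uuid) pairs already authorized
        self.pending = {}       # (user_id, device_uuid) -> [code_hash, expires, tries_left]
        self.send_email = send_email   # callback(address, code); real delivery is out of scope
        self.clock = clock

    @staticmethod
    def _digest(code):
        return hashlib.sha256(code.encode()).hexdigest()

    def login(self, user_id, device_uuid, email):
        """Call only after the User ID and password have been accepted."""
        key = (user_id, device_uuid)
        if key in self.approved:
            return "ok"
        code = f"{secrets.randbelow(10**6):06d}"   # drawn from the OS CSPRNG
        # Store only a hash, so reading the table does not reveal a live code.
        self.pending[key] = [self._digest(code), self.clock() + CODE_TTL, MAX_ATTEMPTS]
        self.send_email(email, code)
        return "challenge"

    def verify(self, user_id, device_uuid, submitted):
        key = (user_id, device_uuid)
        entry = self.pending.get(key)
        if entry is None:
            return False
        code_hash, expires, _ = entry
        if self.clock() > expires:                 # stale code: force a new challenge
            del self.pending[key]
            return False
        if hmac.compare_digest(code_hash, self._digest(submitted)):
            del self.pending[key]                  # single use
            self.approved.add(key)                 # this computer is now authorized
            return True
        entry[2] -= 1                              # count the wrong guess
        if entry[2] <= 0:
            del self.pending[key]
        return False
```

The check has to run where the user cannot edit it (server side), since the UUID is reported by the client.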