news

Announcing iVerify, Two-Factor Authentication

iVerify tackles the risks posed by password connections

MENTIS Software (www.MENTISoftware.com), the leader in enterprise security and compliance, today announces its latest product, iVerifyTM.  Building on expertise in application and database security, MENTIS adds two-factor authentication to its market-leading suite.  iVerifyTM is formally launched today at OHUG’s Global Conference in Orlando.

Passwords: the weakest link.

A compromised password is the easiest way into a system.  Recent news includes that of a billion accounts hacked; and in May, more than 560 million stolen passwords were discovered in an online database. These are just the tip of the iceberg, and passwords are by far the weakest link in cybersecurity today.

“Passwords are old logic, security that was created long before everything was connected and accessible from the outside,” said Rajesh Parthasarathy, MENTIS’ Founder and CEO.  “It’s time for a new approach, and two-factor authentication is the immediate action organizations should take.”

Until the launch of iVerify, two-factor authentication had been mostly for networks.  “But the easiest entry point today is through applications and databases,” continued Parthasarathy. “iVerify deals with that by bringing two-factor authentication to applications, and we have gone further by adding 2FA for databases – something no other solution offers.”

Weak administrative credentials have been the culprit in up to 80% of security incidents.   One in five people use "12345" as their password, while more than 50% use one of the top 25 most common passwords.   

Many applications are installed with default usernames and passwords.  Most often, the default password does not trigger a requirement to change, but grants full access rights.  Default passwords like “welcome” are known or easy to guess. Two-factor authentication remediates this risk, although MENTIS recommends that customers ALWAYS change the default as a matter of protocol.

Additionally, many systems share administrative username and password combinations. Once inside, attackers can quickly map drives, identify additional targets, and acquire credentials.  With administrative access comes not only access to data but lockout of authorized users and theft of or changes to data.  An attack using administrative access can quickly compromise an entire network.

“Breach after breach demonstrates that passwords are the path of least resistance into a system.  And with many users sharing the same password across a number of log-ins, even a requirement to change passwords regularly is no longer effective,” Parthasarathy said. “iVerify creates a second passcode that the DBA or Developer needs for access, and it expires immediately – thus preventing the sharing of passwords between employees.”

What is two-factor authentication?

Two-factor authentication, colloquially known as 2FA, is a security process in which the user provides two types of credentials to verify their identity.  It is considered the best-practice for remediating the security weakness of passwords as single-factor authentication.

With 2FA, the user is required to provide two of the following three types of credentials:

  • Something the user knows, such as a personal identification number (PIN) or password;
  • Something the user has access to, such as a device to generate a verification code or answer a security question;
  • Something the user is, such as a biometric like a fingerprint or retina scan.

For example: with 2FA, a bank sends a one-time code to an individual’s email address, this code, in addition to the correct password, authenticates the user and allows transactions to continue.

iVerify brings two-factor authentication to enterprise database and application connections.

MENTIS takes two-factor authentication to the next level.  Not only does MENTIS offer 2FA for applications and databases, the only solution to secure both of these critical entry points, but MENTIS also circumvents the risky SMS and email recovery paths.  Recognizing that both SMS and email may be compromised, MENTIS instead provides an independent mechanism, one that can be hosted either on-premise or in the cloud, which will generate a one-time credential to authenticate the user.  The credential expires immediately if not used. 

 “iVerify not only adds that critical second layer of security to the connection, but was designed to be quick and easy to use,” commented Parthasarathy.  “Within seconds, the user will be authenticated and able to proceed with the task at hand.  With our comprehensive platform of discovery, masking, monitoring, and data retirement, our customers have an end-to-end solution, and one with an architecture designed to evolve to meet today’s security challenges. iVerify also continues our tradition of thinking in terms of risk -- avoiding SMS and email in this case – when we design a solution.  And we never take the “tick the box” approach – we are thorough.  Two-factor authentication for applications may tick the box for 2FA, but for MENTIS, that is not good enough – so we built 2FA for databases as well.“

 

RELATED

MENTIS Announces Release 8.1
MENTIS Announces Release 8.1

The data masking and information security suite that helps businesses securely maximize the value...

MENTIS Named To DBTA’s Top 100 Companies That Matter Most In Data
MENTIS Named To DBTA’s Top 100 Companies That Matter Most In Data

MENTIS Software (www.MENTISoftware.com), the pioneer in data masking and enterprise data security...

Announcing iVerify, Two-Factor Authentication
Announcing iVerify, Two-Factor Authentication

iVerify tackles the risks posed by password connections MENTIS Software (www.MENTISoftware.com),...

Get in Touch With Us!

Are you interested in receiving more information about our products? Do you have questions about sensitive data security? Would you like a demo? Complete the details below and one of our specialists will get in touch with you.

We love to help our customers solve their data security problems. Please tell us about what you are trying to accomplish, details about your environment, and any other information that will help us understand your needs better.

Image CAPTCHA
Enter the characters shown in the image.