Overview

DS3 Two-Factor Authentication (2FA) technologies can be easily deployed as simple software PAM plugin within a standalone UNIX Server to secure logins to the server. With the 2FA PAM Plugin, there is no need to connect the UNIX Server to an external authentication system. The entire 2FA happens within the plugin for ease of use and deployment.

Why Two-Factor Authentication?

Logins to sensitive systems using standard UserID and Password is just not secure enough. Simple network sniffing utilities such as tcpdump or freely-available hacking / phishing tools from the Internet will easily enable a malicious user to get hold of the login credentials of an inattentive or overworked system administrator.

This is where 2FA becomes important. By using the DS3 2FA PAM plugin, the root or any other critical account can be configured to require both the password, as well as the OTP (One-time Password) in order to authenticate the administrator. To obtain the OTP, the administrator can have a choice of either a physical hardware OTP token, a software OTP token running in Windows or even a software J2ME token running in the mobile phone.