Two-Factor Authentication Best Practices

Given that two-factor authentication (2FA) is a safer way of securing your logins, it may even be considered a best practice in and of itself! Still, if you're using PortalGuard's two-factor authentication to secure your environment, it doesn't hurt to keep some additional best practices in mind to make sure you are getting the most out of your extra layer of protection. Here are a few we recommend when using PortalGuard's two-factor feature.

    Select the right factor for the job

PortalGuard offers a variety of ways to deliver a second factor during the login process: SMS text messages, the Google Authenticator app, email, a hardware key such as YubiKey, and more. Take the time to select the 2FA method that's right for you, preferably one that makes the experience as easy as possible for your users. For example, one of the most common complaints about two-factor authentication is the extra typing required to enter a one-time passcode (OTP); with a hardware token such as YubiKey, that pain point is eliminated almost entirely.

    Contextual Authentication complements the layered approach

PortalGuard's Contextual Authentication, which uses information about the time of day, the user's location, and other context-based data to ascertain whether a login is authentic, adds yet another formidable layer on top of an existing two-factor setup. It is not only painless to implement, but also increases security significantly. What's more, Contextual Authentication is done entirely in the background, so the user will have no extra steps or concerns during their login.

    Obscure your printed one-time passcodes

For those days when you're feeling a bit forgetful, having a printed sheet of one-time passcodes can be a lifesaver, especially if you've left your second factor, such as your phone or YubiKey, at home! However, printed OTPs should be kept in a way that makes them difficult for anyone else to obtain. Take extra care about where they are kept and how they are labeled (preferably with no label at all!). You can even go the extra step of obscuring them by writing them in a way that only you know how to read.

For more information about two-factor authentication methods, see our two-factor authentication page. For more information about Contextual Authentication, see our dedicated page.