How to implement two factor authentication MFA based on RADIUS protocol?

RADIUS The protocol is often used for authentication in network access scenarios . And will be RADIUS And two factor authentication （MFA） The combination can further improve network security . The question is whether there are available on the market based on RADIUS Two factor authentication scheme of authentication protocol ？ Before exploring this issue , Let's get to know RADIUS Protocol and two factor authentication .

1. RADIUS Authentication protocol

Remote Access dial in user service （RADIUS） Protocols have been in use since the early Internet era .RADIUS Originally used for dial-up networking , It works with enterprise identity providers （IdP） Working together , Jointly support access to network resources . Early adoption RADIUS In many enterprises with authentication protocols ,IdP Usually Microsoft Active Directory And other directory services .
 
With the gradual development of network into wireless access ,RADIUS The agreement has stood the test , And suitable for protection WiFi Network security . Generally, when accessing the wireless network , Can use sharing WPA voucher , but RADIUS The protocol uses the unique user name and password of each user to authenticate , If RADIUS Integration with directory services , Is stored in IdP Personal credentials in . This method can effectively improve network security .

2. Two factor authentication （MFA）

As phishing and other identity based cyber attacks become more frequent , image RADIUS Authentication, an authentication process that relies only on user names and passwords, is potentially risky . Hackers can deceive the world with a little trickery . Regarding this , Many enterprises have begun to add additional authentication steps to the user login process , This process is called two factor or multi factor authentication （MFA）.
 
Two factor authentication usually requires the user to input the user name and password before entering the mobile phone APP Generated dynamic token , Make sure your identity is authentic . therefore , The concept of two factor authentication is similar to zero trust security , namely Users are not trusted when they only show their user name and password , By adding additional verification factors, it provides users with a way to prove their credibility , Effectively ensure login security . A recent survey released by Symantec found that , Using two factor authentication can prevent 80% The identity of .

​

3. Synergy

because RADIUS Authentication is based on user name and password , Therefore RADIUS Adding two factor authentication to authentication can further control network access . Now back to the question at the beginning of this article , What is on the market based on RADIUS The two factor authentication scheme of authentication protocol can be selected by enterprises ？

4. MFA、RADIUS And cloud directory services

in fact , At present, there are few RADIUS The certification service provider can provide two factor certification . however , Identity directory as a service （DaaS） You can integrate the two .
 
DaaS Supporting enterprises of different sizes will RADIUS The authentication server is connected to IdP, The user identity can be automatically synchronized to RADIUS The server . Administrators can also use DaaS The built-in two factor authentication module in the cloud directory enhances RADIUS and VPN And so on .
 
Of course , be based on RADIUS The two factor authentication of the protocol is only Ning Dun DaaS A small part of the function of , Other functions include unified user management , And the user's understanding of the business system 、 The Internet 、 mail 、 Applications 、 Management of access to infrastructure, etc . It makes the The user only needs a set of credentials protected by two factor authentication to authenticate all the credentials within the access authority IT resources , Platform independent 、 agreement 、 Manufacturer or location restrictions .