Hitachi ID Bravura Privilege controls access to many systems, so is an attractive target for attackers. It makes sense to protect it with the strongest level of authentication available.
It can be assumed that, sooner or later, the endpoint from which at least one authorized user signs into Bravura Privilege will be compromised by malware and user input may be key-logged. This makes login into Bravura Privilege with only a password not sufficiently secure.
Bravura Privilege Solution
- Bravura Privilege can be configured to leverage any and all available credentials -- passwords, tokens, smart cards, etc.
- Bravura Privilege can and should be configured to combine credentials at login time, to require at least two-factor authentication (2FA).
- Bravura Privilege includes its own 2FA technology, combining a mobile app on Android and iOS with password validation against AD or LDAP. The cost of 2FA is no excuse as there is no incremental cost.
- Bravura Privilege can take a fingerprint of the user's browser and, if the user has successfully signed on from the same endpoint before, using 2FA, it can prompt the user only for just a password. This reduces user friction without significantly impairing 2FA security.
- Conversely, Bravura Privilege can require more credentials in high risk contexts, such as unusual time-of-day, day-of-week, or less trusted users such as vendors.
In a high-threat environment, 2FA is no longer an option. Bravura Privilege both existing 2FA and introduces new, zero-cost 2FA mechanisms. This eliminates the cost objection strong authentication.