Protectimus

Google Authenticator's so secure that I couldn't recover my two-factor authentication settings after hard resetting of the phone. And it was really hard to recover access to some accounts and some even remained locked forever. Now I'm not convinced of the real benefits of this app. Also, I've read that authentication apps can be vulnerable to viruses. I decided that I dont want to use my phone for two-factor authentication anymore. And its not secure to receive PINs via SMS or emails. Actually, I've been almost through with finding some new ways.

Then I have read about physical devices (tokens). I was interested in it and I've found out that not a lot of companies make their own tokens and not all of these tokens fit services I need to protect. For example, you can buy tokens in companies like Vasco, Gemalto, SafeNet, RSA, but these tokens won't help you to protect your Google or Coinbase account, etc.

But there are also such tokens like Protectimus Slim Tokens - hardware devices which fit many different services and are advertised as a hardware Google Authenticator substitute. So recently I've ordered one. Just to test it with my Google account. It's small, independently generates one-time passwords without the Internet, and I like that I'll find out immediately if somebody will steal it. It's sad that you can use one token with only one account. And to set it up you need only Android smartphone with NFC. I had to ask my friend for help, as I use iPhone. But it's safe and the price is reasonable if compared to other products.

I use this token only 2 weeks that's why I haven't seen any negative points yet. I'll be very pleased if somebody who uses tokens longer will write their own opinion about Slim Token.

I have decided to make a review about my first experience of implementing 2FA in my company infrastructure. My company works with databases of several large insurance companies, so the security of personal data is a priority for us. After a certain unpleasant experience, appeared the question about the insufficient protection of the system from unauthorized access. I decided to approach this issue in a comprehensive manner.

From first sight the task was simple enough: to organize additional safety with the minimum corrections in working process as quickly as possible, and at the same time to facilitate the employees' access to corporate resources.

After the market monitoring, I faced certain problems: giants of this business were not able to help me in the shortest possible time (in most cases, even to get the commercial offer, you need to sign an NDA), other companies didn't answer for several days, sometimes even weeks, some companies didn't provide hardware tokens, etc.

When I found Protectimus guys, they responded quickly, suggested several solutions and a wide variety of OTP delivery options. SaaS solution seemed the best option for us as there was no time to deploy authentication servers, configure firewalls, etc. An integration took a while (special thanks from my developer for the ready-to-use SDK for Java), but their development team answered all our questions and was very supportive.

To reduce the costs, we decided to go with software in-app tokens and OTP delivery via chat-bots in messaging apps. But we also ordered 20 hardware tokens (Protectimus Two) for the employees who don't want to use their smartphones for authentication.

As a result, I have a modern protection against unauthorized access and monitoring/management of the employee's activity/access in a suitable web-interface. I hope that my feedback was useful and in case of additional questions you can contact me on Facebook.