OTAC auth - MFA for PLCnext
The partnership between swIDch and Phoenix Contact will allow PLCnext controllers
to use swIDch's OTAC, the world’s first one-way dynamic authentication technology
that enables MFA for PLCnext devices via users' smartphones.
swIDch's One Time Authentication Code (OTAC) is the world’s first one-way dynamic authentication technology that enables single-step Multi-Factor Authentication (MFA) for PLCnext devices via users' smartphones. Once a PLC is protected with our solution, the user can authenticate to the PLC using our dynamic 'one-time authentication code' (OTAC) technology. The code is generated in our mobile app (available on Google Play and the Apple App Store), is valid for a short period of time and even works offline. OTAC combined with device biometrics and/or a PIN provides a highly optimized and secure authentication solution specifically for ICS/OT security challenges.
OTAC resolves:
- Password sharing in password-only authentication systems
- Difficulty managing ID/PW specified for each PLC device
- Difficulty managing user changes (leavers, contractors, etc.)
- Hacking attempts using password cracking software
OTAC Benefits:
- Significantly enhances authentication security on PLC devices, adding MFA capability (without network access)
- Does not require or rely on Public Key Infrastructure (PKI)
- Works on fully standalone / air-gapped PLCs as well as networked PLCs
- No impact to User Experience (UX) - enables single-step login and MFA combined for super fast secure access
- Works for multiple users on multiple PLC devices
- Easy to deploy - installs directly onto the PLC
- No additional hardware required
- Low cost compared to other MFA solutions utilizing PKI
- No more forgotten passwords / password resets, which means reduced overheads for OT security teams
- Enforces secure and dynamic login every single time (without having to update passwords)
You can download all the documentation for using the OTAC auth
Why swIDch
that provides all of the following features, tested and substantiated
by the University of Surrey technical report
sufficient to IDENTIFY user
and AUTHENTICATION
off-the-network environment
Single-step identification and authentication with the code alone. Include our biometric option and get single-step MFA. Vastly improved UX by removing steps.
OTAC is a dynamic code, which means the code is constantly changing. Eliminates all use of static information. Forget usernames and passwords forever. Vastly reduced workload for IT helpdesks.
No network connection required for generating OTAC, enabling uninterrupted use no matter where you are. No more waiting for additional tokens/OTPs and no need for heavy public key infrastructure (PKI).
Highly configurable code parameters and a lightweight SDK/applet mean a wide range of deployment options on many devices across multiple sectors.