OneLogin has announced security and customization improvements for its unified login service with the release of its OneLogin Protect 4.0 authenticator. This feature is set to improve the security of its service for the users and administrators of the large enterprises that utilize OneLogin’s protocol. The user authentication flow has been redesigned into a modular and extensible format to allow for a smoother sailing user experience on all devices whilst granting network administrators greater control over the security configurations of the service.
The first major outcome of this redesign is the stand-alone nature of the multi-step authentication barriers. Each step now operates as its own independent barrier demanding valid credentials and responses on its own page irrespective of what was entered before. This heightens the security of the products OneLogin protects.
In line with this, the second major outcome of this redesign is the one-click activation protocol that is optimized for handheld devices. This feature caters well to multi-factor authentication making the integration of multi-factor authentication clients simpler particularly for users who only possess a mobile phone to perform the authentication. Once a user is authenticated, the one-click activation feature allows users to go through the authenticator directly without the hassle of multiple layers of verification as needed in other MFA services.
Although the two feature integrations addressed earlier make for a quicker and simpler authentication process, other security measures such as the need for re-authentication before accessing a sensitive application or data enhance the security of the authenticator. This may pose another barrier between the user and the intended information but it is created deliberately to impose tougher security instead of allowing easygoing access straight to confidential information.
OneLogin crafts its authentication service for its own applications as well as third party services used by enterprises. To improve its release of the OneLogin Protect 4.0 authenticator, the firm has put up a Bug Bounty with significant cash prizes that will be handed out at the OneLogin Bug Bounty Bash on the 8th of August in Las Vegas. Individual security analysts are encouraged to report any vulnerabilities that they come across in OneLogin’s newest release.