The PKI Certificate And Two Factor Authentication

One of the most essential components in doing business online is being able to trust a person you may have never met before with information that is potentially sensitive. This could include providing financial information, accepting a contract or making some type of legally binding offer or agreement.

With the need to complete these transactions quickly and perhaps with the individual in a different country, having a secure way to send documents and information back and forth is essential.

This need for a secure way to transmit data is at the heart of the definition of SSL. It uses Public Key Infrastructure (PKI) and a trusted Certificate Authority (CA) to provide the trust needed to share information. It also uses something known as PKI certificate two factor authentication.

The Basic Procedure

At Comodo, PKI certificate two factor authentication is part of the security infrastructure offered by our CAC or Client Authentication and Personal Authentication Certificates.

This is a process that a business or enterprise can quickly deploy across its entire email system. The IT professional or administrator can request digital certificates through our EPKI Manager (Enterprise Public Key Infrastructure Manager). This can be done in minutes, with the certificates delivered electronically to the employee. When the employee opens the email client on the device, the system prompts for the verification information and then installs the certificate on the device, ready to use.

When employees enter their data, which will include a login and password, the system automatically creates a unique identity for the user. This is done on our Comodo Two Factor Proxy Server. Because our system installs the private key on the device automatically, the security of the system is quickly established and maintained.

After the initial login and setup of the unique identity, the system will automatically check the next login both by ID and password and by the certificate bound to the private key.

Each and every time the employee logs on through that device, the system completes the same PKI certificate two factor authentication. If either of the two, the ID and password or the certificate, fails, access to the system is denied. However, an employee who needs to use a different device can access the system and obtain a single-use password. This password can be delivered in whichever form is most convenient: an email, a voice call or an SMS text message.
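The login decision described above, sketched as an added example; it is not Comodo's code and does not describe how the Two Factor Proxy Server is built. The class and function names, the SHA-256 fingerprint match and the 300-second password lifetime are assumptions, and the certificate is assumed to arrive from a TLS client-authentication handshake that has already proved possession of the private key.

```python
import hashlib, hmac, secrets, time

OTP_TTL = 300  # assumed lifetime in seconds; the page gives no value

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _fingerprint(cert_der):
    return hashlib.sha256(cert_der).hexdigest()

class TwoFactorGate:
    """Hypothetical model: ID/password AND enrolled certificate, else a single-use password."""

    def __init__(self):
        self.users = {}  # login -> {"salt", "pw", "certs"}
        self.otps = {}   # login -> (sha256(otp), expiry)
        # Dummy record so unknown logins cost the same PBKDF2 work as real ones.
        self._dummy = {"salt": b"\0" * 16, "pw": b"\0" * 32, "certs": set()}

    def enroll(self, login, password, cert_der):
        salt = secrets.token_bytes(16)
        self.users[login] = {"salt": salt, "pw": _pw_hash(password, salt),
                             "certs": {_fingerprint(cert_der)}}

    def _password_ok(self, login, password):
        u = self.users.get(login, self._dummy)
        return hmac.compare_digest(u["pw"], _pw_hash(password, u["salt"]))

    def login(self, login, password, cert_der=None):
        # cert_der is assumed to come from a TLS client-auth handshake that already
        # proved possession of the private key; here we only check its binding to the user.
        if not self._password_ok(login, password):
            return "denied"
        if cert_der is None:
            return "otp_required"  # device without the certificate
        ok = _fingerprint(cert_der) in self.users[login]["certs"]
        return "granted" if ok else "denied"

    def issue_otp(self, login, password, now=None):
        if not self._password_ok(login, password):
            return None
        otp = f"{secrets.randbelow(10**8):08d}"
        expiry = (time.time() if now is None else now) + OTP_TTL
        self.otps[login] = (hashlib.sha256(otp.encode()).digest(), expiry)
        return otp  # delivered out of band (email, voice call or SMS)

    def redeem_otp(self, login, otp, now=None):
        now = time.time() if now is None else now
        digest, expiry = self.otps.pop(login, (b"", 0))  # removed on any attempt
        return now < expiry and hmac.compare_digest(digest, hashlib.sha256(otp.encode()).digest())
```

Removing the stored password on every redemption attempt, successful or not, is what makes it single-use and limits guessing to one try per issued password.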

The Benefits

There are other options for PKI certificate two factor authentication out there. Most of these use some type of token to create the second authentication factor. This is not always a simple process and can lead to a lot of calls to the IT department from frustrated employees and managers.

Instead, with the Comodo system of PKI certificate two factor authentication, there is no need to modify the way your employees currently access their email. This makes it comfortable even for employees who are not technically savvy or who are uneasy about multiple steps to log in and use their email for encryption and digital signing.

With the automatic installation of the certificates, there is also much less stress and frustration in the initial stages of deployment. To make it even easier for a mobile sales team, or for employees and managers who travel and may use multiple devices to access their email client, it is possible to store the necessary certificate on smart cards or USB devices.

The system also assists users automatically if they attempt to connect from a computer or device that does not hold the certificate. When the system sees this login attempt, it presents the user with the list of contact information they created at their first login.

The employee then chooses the best contact option, and the system sends a one-time password to the specified contact. This is the single-use password that allows the employee to get online and connect to the account. At a later time, the certificate can be added to the device if it will be used frequently.

For more information on how Comodo provides two factor authentication, visit us online. You can read the information in our articles and knowledgebase area or give us a call at +1 888 266 6361.
