  • Give the Gift of Cybersecurity with MFA and SSO

    You work with sensitive data that needs protection. But you also don’t want to be bogged down by inputting passwords all day long. For these reasons, PensionPro offers the options of Multi-Factor Authentication and Single Sign-On Authentication.

    Cybersecurity is the practice of protecting devices, networks and data from cyberattacks. Cyberattacks can be as complicated as an all-out attack on your system, or as simple as an attacker signing in as someone they are not. Recent studies have shown that the most common cyberattacks occur when users are tricked into sharing information with the would-be cybercriminals.

    One method you can use to secure your PensionPro account (and all your clients’ data!) is called Multi-Factor Authentication (MFA). You’ve likely already encountered MFA if you use online banking, make online purchases or even use social media.

    MFA is when an online service sends you a confirmation code (usually by text or email) which you are then required to input before you can sign in. The premise of MFA is that even if someone were to get hold of your username and password, they’d still need access to your phone or email to sign in as you. Pro tip: it’s for this reason that the password to your email should be different from your other passwords.

    PensionPro allows firms to manage MFA for their Employees and for PlanSponsorLink (PSL) Users. Information on how to turn on MFA for Employees and PSL Users can be found in our Help Center articles by searching “MFA”.

    We understand that verifying your identity with a passcode every time you log in would be cumbersome to some users, so PensionPro only requires users to re-authenticate under certain circumstances, such as signing in from a new location or every 60 days, whichever comes first.

    Additionally, PensionPro offers the option of Single Sign-On Authentication. Single Sign-On Authentication (SSO) is a method of verifying your identity through a third party before you can sign on. If you’ve ever used the “Sign in with Google” or “Sign in with Apple ID” elsewhere on the web, you’ve already experienced something similar to SSO. SSO works with a company called an Identity Provider (IdP). An IdP is a third-party service that acts as a middleman between online services: it verifies your identity to the associated websites you visit, without requiring you to input a new username and password for each connected service.

    For example, if SSO is turned on for your firm, you will be able to sign in to PensionPro without inputting a password, because the IdP has already verified who you are and can vouch for you directly. Not only does this give you one less password to remember, but it also makes it more difficult for a potential attacker to access PensionPro with your credentials.

    As the process of setting up an IdP and SSO is quite technical, we recommend speaking to your firm’s IT team or Network Administrator about how to get started.

    As you may have noticed, MFA and SSO work in very different ways, but toward the same end: protecting your data! If your firm wishes to use both MFA and SSO, PensionPro would recommend utilizing the MFA settings offered by the firm’s chosen IdP, which will integrate more effectively with SSO security.

    In conclusion, PensionPro takes your cybersecurity very seriously while also understanding the need for a smooth sign-in process. If you’d like more information about MFA or SSO, please reach out to the Help Center by creating a ticket or by emailing [email protected].

    Rachel Eby

    Software Support Specialist