Entrust Datacard

Multifactor Authentication for Entrust IdentityGuard Cloud Services SSL

Entrust is diligent in ensuring we meet or exceed industry security requirements. One example is the CA/Browser Forum's latest guidelines, "Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates," which is effective July 1, 2012.

CA/Browser Forum: Baseline Requirements

Entrust is in full support of this mandate. The protection and authentication of digital identities is one of the key components in securing online transactions or communication. This added level of authentication makes it more difficult for your identity to be misused and your account compromised.

Baseline Requirements:
Section 16.5

The CA SHALL enforce multifactor authentication for all accounts capable of directly causing certificate issuance.

What is Multifactor Authentication?

U.S. federal regulators consistently recognize three authentication factor categories:

  • Something the user knows
    (e.g., password, PIN)
  • Something the user has
    (e.g., token, smart card)
  • Something the user is
    (e.g., biometric characteristic, such as a fingerprint)

Multifactor authentication requires the use of elements from two or more categories, making it more difficult to compromise than single-factor methods. Supplying a username ("something the user knows") and password (more of "something the user knows") is still single-factor authentication, despite the use of multiple pieces of distinct information.

An example of true multifactor authentication is requiring a user to also utilize a token or grid card ("something the user has"), or a thumbprint or iris scanner ("something the user is") in addition to the username and password.

Strong Authentication by Entrust

While Entrust IdentityGuard Cloud Services already offers optional multifactor authentication using userID/password, combined with the Entrust IdentityGuard grid card, multifactor authentication is mandatory, effective June 25, 2012, for ALL service users.

Starting in late May 2012, in addition to their existing userID and password, Entrust IdentityGuard Cloud Service Administrators will be able to choose one of the following second factors:

If you already use two factors, you will not be impacted by this change, unless you choose to switch second factors.

Entrust Makes Transition Easy

Effective July 1, 2012, all public certification authorities (CAs) must comply with these baseline requirements. Entrust Certificate Services makes use of Entrust's award-winning software authentication platform, Entrust IdentityGuard, which provides the broadest range of authenticators on the market.

This enables Entrust to deploy strong multifactor authentication to our customers in a secure, portable and easy-to-use solution, with no additional charges to our valued customers.

Learn More: Entrust IdentityGuard