Uncategorized Skype for Business SkypeShield Smart card for authentication Two Factor Authentication

What’s broken with Skype for Business security and how to fix it

Two factor authentication (2FA) security solutions are gaining popularity as they add a meaningful extra level of protection against phishing, keyloggers, password reuse and other threats.

At the same time, users of Microsoft’s on premises products, such as Skype for Business (Lync) and SharePoint are left behind. The vast majority of Skype for Business users are limited to authentication practices that became insufficient already in the mid 90’s.

Skype for Business offers only one option for securing yourself using two factor authentication – smart cards. These cards work, however, only on a Windows desktop client, making this an option only for organizations that are willing to issue workers smart cards and are not planning mobility deployment in the future.

Using Skype for Business Online (part of Office 365) is problematic as well. Microsoft claims it offers 2FA but it does not work for Skype for Business desktop or mobile. These mobile and desktop clients require “App Passwords”, which only offer one factor authentication.

Enabling Microsoft’s native 2FA, whether on the cloud or on premises, disables essential parts of Lync, such as access to Exchange for meeting info and to any contacts in the Unified contact store.

So what can be done?

SkypeShield hardens Skype for Business security and provides essential new features, which work with Lync 2013 as well as Skype for Business.

It offers device management that allows users to self-register their mobile devices easily, so that malicious parties cannot authenticate, even if they manage to obtain a user’s password.

SkypeShield also offers two factor authentication using existing RSA secure ID tokens or the widely used Google Authenticator as well as plenty of other significant security features.

All of these additional security options protect access to MS Exchange too, providing uninterrupted access to meeting information and contacts.

The writer is Technical lead at SkypeShield