Product guide

ManualsBrandsMcafee ManualsOtherQUICKCLEAN 1.0

Example: When using MFA to gain access to protected resources, users are authenticated using their

password and one-time password. Enterprise Authentication grants access when the user successfully

returns the generated one-time password.

Table 4-2 One-time password support

Factor Options

McAfee Message

Gateway cloud

service

Sends one-time passwords to user devices with these delivery methods:

• Short Message Service (SMS)

• Voice

McAfee

Software

Token Pledge

(Pledge)

Mobile and desktop application that generates one-time passwords using

these algorithms:

• Open Authentication (OATH)

• Time-based One-time Password (TOTP)

• HMAC-based One-time Password (HOTP)

• OATH Challenge-Response Algorithm (OCRA)

For additional security, you can require users to enter PINs for access to

their Pledge application.

For more information, see the McAfee Pledge Software Token User Guide.

Simple Mail Transfer

Protocol (SMTP)

Sends one-time passwords to user email addresses.

Hardware token Generate one-time passwords based on these OATH algorithms:

• TOTP

• HOTP

Temporary token If users forget or lose their tokens, you can issue them temporary tokens

that generate one-time passwords.

Certificate-based authentication

Enterprise Authentication supports public and private certificates, which replace user names and

passwords in the authentication process with electronic documents.

Certificates process and validate authentication requests between you and protected resources.

Each certificate includes public and private keys, also known as key pairs, issued by trusted

third-party certificate authorities (CAs). Key pairs include the following information:

• Unique serial number

• User identity information, such as name, telephone number, and email address

• Certificate expiration date

• Digital signature of the CA that issued the certificate

Successful certificate-based authentication between you and protected resources only occurs when the

associated key pair data is verified as current and authentic.

Certificate-based authentication is helpful to avoid:

Plan your deployment

Authentication methods

McAfee Enterprise Authentication 1.0.0 Product Guide