
How to Achieve NIST AAL3 with Rublon MFA

October 18, 2023 By Rublon Authors

Do you want to protect your applications and environments from unauthorized access? Do you need to meet the highest level of authentication assurance? If so, you should know about AAL3 compliance and Rublon MFA.

In this article, we will explain how Rublon can help you achieve AAL3 by using security keys as your second factor of authentication. We will also show you how to set up and use Rublon with your applications and environments, and how to use its features and benefits for your organization.

What is AAL3 and What Are Its Requirements?

AAL3 stands for Authenticator Assurance Level 3. It is a standard set by the National Institute of Standards and Technology (NIST) for authentication mechanisms. AAL3 provides very high confidence that the user controls the authenticator(s) bound to their account. It also requires the use of a hardware-based authenticator that is hard to impersonate or compromise. AAL3 has additional requirements for the authentication protocol, such as verifier impersonation resistance, verifier compromise resistance, and authentication intent.

  • Verifier impersonation resistance means that the user can be sure that they are logging in to the real service, not a fake one that tries to steal their password or other information. For example, if the user wants to access a website, they need to use a special device that can prove that the website is genuine and not a phishing site.
  • Verifier compromise resistance means that even if the service gets hacked and someone steals the passwords or other secrets of the users, they cannot use them to log in as the users. For example, if the user wants to access their bank account, they need to use a device that has a private key that only they know, and that changes every time they log in.
  • Authentication intent means that the user has to confirm that they want to log in every time they use the service, not just once. For example, if the user wants to access their online health account, they need to use a FIDO security key that requires them to touch it or enter a PIN every time they want to log in. This way, the user can make sure that no one else can use their FIDO security key to access their health information without their permission.

How to Achieve AAL3?

Achieving AAL3 can be hard for many organizations. It requires using hardware-based authenticators that support cryptographic protocols and biometric verification. But there is a simpler and more effective way to meet AAL3 requirements: using Rublon MFA, the leader in cloud-based multi-factor authentication (MFA).

Rublon is a cloud-based MFA solution that supports FIDO security keys as one of its authentication methods. You can use Rublon to provide strong, phishing-resistant, AAL3-compliant, and user-friendly authentication based on the WebAuthn standard.

Rublon offers a complete solution for MFA that supports many authentication methods, including security keys that follow the WebAuthn standard. WebAuthn is a modern web authentication standard that enables strong, phishing-resistant, and user-friendly authentication using public key cryptography and biometrics. WebAuthn also works with the FIDO Alliance’s specifications for Universal Second Factor (U2F) and FIDO2, which provide secure and interoperable authentication solutions.

What Are Security Keys and How Do They Work?

A security key is a physical device that you plug into your USB port or connect via Bluetooth or NFC. It provides a second factor of authentication when you log in to an application or environment. A security key works by creating and storing a private key that is unique to each device, and using that key to sign a challenge from the application or environment you want to access. The application or environment then checks the signature using the public key that is linked to your account.

Security keys follow the WebAuthn standard, which allows them to work with any web browser that supports it, such as Google Chrome, Mozilla Firefox, Microsoft Edge, Apple Safari, and Opera. WebAuthn also allows security keys to support biometric verification, such as fingerprint, for extra security.
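
The sign-and-verify exchange described above, combined with the three AAL3 protocol properties from the earlier section, shown as an added example (not Rublon's code and not part of the original article): the server-side checks a WebAuthn relying party runs on a login assertion. The RP ID, the origin, and the software-generated P-256 key standing in for a hardware security key are assumptions constructed for the demonstration.

```javascript
// Added example: relying-party checks on a WebAuthn login assertion.
const crypto = require('node:crypto');
const RP_ID = 'login.example.test';           // assumed relying-party ID
const ORIGIN = 'https://login.example.test';  // assumed expected origin
const sha256 = (b) => crypto.createHash('sha256').update(b).digest();

// Origin check = verifier impersonation resistance; `stored` holds only a public
// key and counter = verifier compromise resistance; UP/UV flags = authentication intent.
function verifyAssertion(a, stored, expectedChallenge) {
  const client = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'wrong ceremony type';
  if (client.challenge !== expectedChallenge) return 'challenge mismatch (replay)';
  if (client.origin !== ORIGIN) return 'origin mismatch (phishing site)';
  const auth = a.authenticatorData;           // rpIdHash(32) | flags(1) | signCount(4)
  if (auth.length < 37) return 'authenticator data too short';
  if (!auth.subarray(0, 32).equals(sha256(RP_ID))) return 'rpIdHash mismatch';
  if (!(auth[32] & 0x01)) return 'user presence (touch) missing';
  if (!(auth[32] & 0x04)) return 'user verification (PIN/biometric) missing';
  const signed = Buffer.concat([auth, sha256(a.clientDataJSON)]);
  if (!crypto.verify('sha256', signed, stored.publicKey, a.signature)) return 'bad signature';
  const count = auth.readUInt32BE(33);
  if ((count || stored.signCount) && count <= stored.signCount) return 'counter did not increase';
  stored.signCount = count;
  return 'ok';
}

// Constructed stand-in for a hardware key: builds and signs an assertion.
function sampleAssertion(privateKey, challenge, { origin = ORIGIN, flags = 0x05, count = 1 } = {}) {
  const clientDataJSON = Buffer.from(JSON.stringify({ type: 'webauthn.get', challenge, origin }));
  const authenticatorData = Buffer.concat([sha256(RP_ID), Buffer.from([flags]), Buffer.alloc(4)]);
  authenticatorData.writeUInt32BE(count, 33);
  const toSign = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData, signature: crypto.sign('sha256', toSign, privateKey) };
}

// Runs four constructed logins and returns the verdict for each.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const stored = { publicKey, signCount: 0 };
  const [c1, c2] = [0, 1].map(() => crypto.randomBytes(32).toString('base64url'));
  const good = sampleAssertion(privateKey, c1);
  return {
    genuine: verifyAssertion(good, stored, c1),
    replayed: verifyAssertion(good, stored, c2),
    phished: verifyAssertion(sampleAssertion(privateKey, c2, { origin: 'https://lookalike.example', count: 2 }), stored, c2),
    noTouch: verifyAssertion(sampleAssertion(privateKey, c2, { flags: 0x04, count: 2 }), stored, c2),
  };
}
console.log(demo());
```

A production relying party would also validate attestation at registration and would normally rely on a maintained WebAuthn server library rather than hand-written parsing.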

Security keys have many advantages over other authentication methods, such as:

  • Phishing resistance. They are safe from phishing attacks, as they only respond to valid challenges from the applications or environments you have registered with.
  • Easy to use. They only need a simple tap or button press to authenticate.
  • Robust. They are portable and durable, as you can carry them anywhere and they can withstand physical damage.
  • Compatible. They are compatible and interoperable, as they can work with any WebAuthn-enabled application or environment across different platforms and devices.

How Does Rublon MFA Support Security Keys?

Rublon is a cloud-based 2FA solution that connects with your applications and environments to provide robust and flexible authentication for your users. Rublon supports many authentication methods, including security keys that follow the WebAuthn standard.

With Rublon Multi-Factor Authentication, you can:

  • Enable U2F, WebAuthn, and Yubico OTP security keys as an authentication option for your applications and environments through the Rublon Prompt or the Rublon SDK.
  • Track and audit security key usage and activity through the Rublon Admin Console.
  • Apply policies and controls for security key authentication based on user groups or applications.

How to Set Up and Use Rublon to Comply With AAL3?

Setting up and using Rublon to comply with AAL3 is straightforward. Here are the basic steps you need to follow:

  1. Sign up for a Rublon account and create your organization in the Rublon Admin Console.
  2. Integrate your applications and environments with Rublon MFA and set up the settings and policies for each one.
  3. Enroll your users, either by hand or automatically.
  4. Enable security keys as an authentication option for your users, either for all or for some applications or user groups.
  5. Tell your users to register their security keys using the Manage Authenticators view.
  6. Test and make sure that your users can log in to your applications and environments using their security keys as their second factor of authentication.

For more detailed instructions and guidance, check the Rublon documentation or contact support.


Conclusion

Achieving AAL3 can be a tough task for many organizations, as it requires the use of hardware-based authenticators that support cryptographic protocols. But with Rublon, you can make the process easier and faster by using FIDO security keys as your second factor of authentication.

By using Rublon with security keys, you can achieve AAL3 and enjoy the following benefits:

  • Better security. You can protect your applications and environments from unauthorized access by verifying the identity of your users with two factors of authentication, one of which is a hardware-based authenticator that is hard to impersonate or compromise.
  • Easier usability. You can provide a smooth and convenient authentication experience for your users by letting them use a simple tap or button press to authenticate with their security keys, which can also support biometric verification for extra security.
  • More flexibility. You can choose from many security keys that are compatible with any WebAuthn-enabled application or environment across different platforms and devices, and manage them easily.
