Given the prevalence of social engineering attacks through which digital criminals are essentially tricking end users into giving up their user names and passwords, interest in two-factor authentication to thwart those types of attacks has risen sharply.

The challenge is that deploying a two-factor authentication system on premise requires a lot of technical expertise that is hard to come by these days. To address that issue, Okta this week unfurled a two-factor authentication service delivered via the cloud that can either be managed via a standard user interface or invoked programmatically using application programing interfaces.

As a provider of identity management services in the cloud, Hassen Karaa, director of product management for Okta, noted that two-factor authentication represents a naturally adjacent area for Okta to add to its cloud service portfolio. In fact, many of the investments that Okta made in building out the identity management service are being used to drive the two-factor authentication service.

The Okta Adaptive Multi-Factor Authentication service also keeps track of users, devices and the network and application service being requested. If a user makes an unusual request from a location they normally don’t use, the Okta service will generate an alert. In effect, Hassen said Okta is making use of big data platform developed by Okta to create a risk profile that informs the authentication process.

Other capabilities of the services include the ability to enforce policies relations to re-authentication and enrollment rules, configurable session timeouts and group-specific password policies. Okta has also integrated the service with its push technologies and hardware-based authentication devices from Yubico. Just as significantly, Hassen said the Okta authentication service can be integrated with other factors.

Finally, the Okta authentication service is also tied into over 4,000 applications in the Okta Application Network. Through Okta’s RADIUS server agent, customers can integrate VPN and other infrastructure running on premise to centrally enforce authentication rules for all applications and network access in order to protect applications that do not natively support the Okta service or any other specific factors.

While there will never be such a thing as perfect security, two-factor authentication does provide solution providers and their customers a way to deliver digital services in a way where the identity of the end user consuming that service can be more readily identified. The challenge and opportunity is finding a way to secure those services in a way where the cost of making them secure doesn’t wind up destroying the business model on which the digital service was built in the first place.