FAQ – Does SAP Authentication 365 meet industry standards?
SAP Authentication 365 meets or exceeds industry standards in a number of areas:
SAP Authentication 365’s token generation is implemented using both industry standard RFC 6238 (TOTP)and RFC 4226 (HOTP).
Implementation of TOTP algorithms exceed the default by using a SHA-256 cryptographic hash method instead of SHA-1 (default)
A full alphanumeric token with 9 digits, results in over 1.354 x 1016 possible combinations (that’s greater than13.53 quadrillion)
Invalid responses are limited and locked out after repeated failures from an end-user.
SAP Authentication 365 is to be implemented across geographically redundant servers, requiring a secure connection between SAP and the customer. Additionally, as business supports it, we will be able to deploy SAP Authentication 365 into country-specific data centers (SAP or partner) as needed.
William Dudley Group Director, Mobile Evangelist and Global Solutions Strategy, SAP Digital Interconnect