tetraguard realises successful MFA projects in the first quarter of 2025

In the wake of stricter legal requirements for IT security, in particular the EU NIS2 directive and the planned national KRITIS regulation, the protection of digital infrastructures continues to gain in importance. Against this background, tetraguard systems GmbH successfully implemented several projects to introduce secure two-factor authentication (2FA/MFA) in the first quarter of 2025. In particular, solutions from the in-house tetraguard suite were used – with a focus on the sign.in component, supplemented by 2FA plus, mobile OTP and the tetraguard OTP hardware generator.

Target group: municipal IT and critical supply areas

Users include several cities and municipalities as well as municipal utilities. They chose the tetraguard solutions after an intensive selection process, which in some cases included individual specifications and security guidelines. One key reason for this was the ability to implement security-critical requirements without the use of private end devices, while ensuring full compatibility with existing IT architectures.

Two-stage project structure

The introduction took place in two phases:

Phase 1: Installation of the central authentication component tetraguard sign.in. This served as the technical basis for securing the registration process.

Stage 2: Extension to include customer-specific requirements using the complete tetraguard.vario suite, consisting of the sign.in, 2FA plus and Mobile OTP modules. Among other things, the following requirements were successfully implemented:

• Exclusion of private smartphones as authenticators (no BYOD use)
• Securing the 2FA connection via VPN access
• Compatibility with existing third-party applications with 2FA functionality

Hardware-based solution with OTP generator

Particular emphasis was placed on a hardware-based authentication solution. The tetraguard OTP generator is used, a token with a time-based one-time password function (TOTP) that generates a new, cryptographically secured one-time password every 30 seconds. This solution offers significant advantages over cloud-based or mobile device-based approaches:

• separation of knowledge and ownership (PIN + OTP token)
• no need for private end devices (no BYOD required)
• on-premise administration of access data, without external cloud services
• automatic user binding of the token on first use – without additional administration effort
• cost optimisation through compact, low-maintenance hardware

contribution to increasing IT security

With the implementation of these projects, tetraguard lays the foundation for sustainable, secure access to sensitive IT systems – particularly in critical infrastructure. The modular architecture of the solutions enables flexible scaling while also taking into account current compliance requirements.

In the context of increasing digital threats and regulatory requirements, it is clear that technical authentication concepts such as those from tetraguard play a crucial role in closing security gaps – without the need for costly system conversions or the use of private devices. This positions tetraguard as a specialised solution provider for sector-specific 2FA/MFA strategies in municipal and critical environments.