Two-factor authentication (2FA) adds a second level of authentication to an account log-in. When you have to enter only your username and one password, that is considered single-factor authentication. 2FA requires the user to have two out of three types of credentials before being able to access an account.
There are three basic credentials to authenticate yourself to a system:
An example of 2 Factor Authentication is online banking, where a person needs to log in with a username and password and then has to enter a number from a device or an SMS.
In the case of Straatos, 2 Factor Authentication relies on the password (something you know) and the phone with the Google Authenticator app (something you have).
Passwords are everywhere. Users use them to access social media accounts, emails, business applications, networks, play games, transfer money and much more.
Usernames and Passwords are valuable to hackers to gain access to your personal data and to steal your data, money and identity. In recent years, password thefts have increased and even large companies have become victims of breaches. Google Research, over the course of March 2016 to March 2017, has identified "788,000 potential victims of off-the-shelf keyloggers; 12.4 million potential victims of phishing kits; and 1.9 billion usernames and passwords exposed via data breaches and traded on blackmarket forums".
In addition, the people at the National Institute of Standards and Technology have found that increasing the complexity of passwords and forcing users to change them more frequently does not help to increase security. In many cases it decreases security, as users change passwords only slightly and in predictable ways.
With 2 Factor Authentication, there is an added layer of security. The attacker not only needs to get the user's username and password, but also needs to get hold of the device in order to log in to the account. Hence 2 Factor Authentication increases the security of the account.
There are two ways that 2FA can be enabled. It can be configured at Group or Organisation level so that all users within that organisation are required to use 2FA. Alternatively, users can choose to enable 2FA themselves to enhance the security of their account.
Go to 'Edit Profile' by clicking on your login name at the top right (if not automatically directed to the Edit Profile page)
Enable the 2 Factor Authentication by switching it to 'on'
Once enabled, additional configuration fields appear to complete the 2FA setup
For security, please enter the password for your user name. Note that the password is not checked immediately, but without the valid password the setup process cannot be completed.
The Google Authenticator app lets you generate security codes on your phone without needing to receive text messages. If you don't already have the Google Authenticator app, you can download it from the links below:
From now on, every time you log into Straatos, the 2FA is required to log in.
2FA can be disabled in the 'Edit Profile' by switching the 'Enable 2 Factor Authentication' to 'off'.
Once it is set to off, 2FA is no longer required to log in.
Once 2FA is enabled for a user, the user must use 2FA to log in. Without the 2FA code from the Google Authenticator app, the user cannot access any areas of Straatos.
There might be cases where the user does not have the Time-based code from the Google Authenticator app, for example
In this scenario, a Straatos User with Admin Rights can reset the 2FA by disabling it. After the 2FA is disabled, the user can log in with the username/password again. In case 2FA is enforced, the user will then be able to set up the 2FA again.
From now on, all users defined at this group level will require 2FA to log in. Users that already existed in the system before 2FA was enabled will be required to set up 2FA during the next login.
From now on, all users defined in this organisation will require 2FA to log in. Users that already existed in the system before 2FA was enabled will be required to set up 2FA during the next login.