Two-Factor Authentication Using Email and Pin Code

In Build 6215 we introduced another two-factor authentication option in addition to what was already possible with RSA’s SecurID or Google Authenticator. If you’d also like to watch a video demonstrating this feature, you can do so here – Watch Video

This two-factor authentication option allows you to specify an email address to which a temporary pin code is emailed, and that pin code is used as the basis for the authentication. Instead of just using the email address associated with your Passwordstate user account, we provide the option to specify a different email address. This lets you send the pin code to a personal email account none of your work colleagues have access to, receive the email on your mobile device, or send it to an SMS gateway. In addition to using this authentication method for accessing Passwordstate, you can also configure Password Lists to use this option as an additional authentication step, which is required each time a user wishes to access password records in the Password List.

Before we get into how it works, let’s cover some of the settings for this feature.

To start using this feature, you first need to select the Authentication Option on the Preferences screen, and also specify the email address where you want the temporary pin code to be sent. It’s possible your Passwordstate Security Administrators may select this authentication option for you as well, and they can do this as a System Wide setting, or possibly configure a User Account Policy for you.

 

The Security Administrators of Passwordstate can also configure a couple of settings for this feature, including the minimum length of the pin code and how long the pin code will be active.

 

Now that your Preferences and System Settings are configured, you will be presented with the following screen when you attempt to authenticate. You will notice that the login screen initially reminds you which email address the pin code is being sent to, and then it shows a countdown timer indicating when the temporary pin code will expire.

 

And below is a screenshot of an example email you will receive – simply enter the pin code before it expires, and the authentication step will be complete.
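How a server could issue and check a temporary pin code of this kind, honouring a minimum length and an active period like the settings described above. This is an added example, not Passwordstate's own code; the names `issue_pin` and `PinChallenge`, the default values, the attempt limit and the minimum-length floor are all assumptions.

```python
import hashlib
import hmac
import secrets
import time


class PinChallenge:
    """Server-side state for one emailed pin code (hypothetical helper)."""

    def __init__(self, pin, lifetime_seconds, max_attempts, clock):
        self._clock = clock
        self._expires_at = clock() + lifetime_seconds
        self._attempts_left = max_attempts
        self._salt = secrets.token_bytes(16)
        # Keep only a salted digest; the clear pin lives only in the email.
        self._digest = self._hash(pin)

    def _hash(self, pin):
        return hashlib.sha256(self._salt + pin.encode()).digest()

    def seconds_remaining(self):
        """Value a login screen could show in its countdown timer."""
        return max(0, int(self._expires_at - self._clock()))

    def verify(self, submitted):
        # Reject once the code is used, expired, or guessed at too often.
        if self._digest is None or self._clock() >= self._expires_at:
            return False
        if self._attempts_left <= 0:
            return False
        self._attempts_left -= 1
        ok = hmac.compare_digest(self._digest, self._hash(submitted))
        if ok:
            self._digest = None  # single use: a replayed code fails
        return ok


def issue_pin(min_length=6, lifetime_seconds=120, max_attempts=3,
              clock=time.monotonic):
    """Return (pin, challenge); defaults are assumed, not Passwordstate's."""
    if min_length < 4:  # assumed floor for this example
        raise ValueError("pin code too short to resist guessing")
    # secrets draws from the OS CSPRNG; leading zeros are kept.
    pin = "".join(secrets.choice("0123456789") for _ in range(min_length))
    return pin, PinChallenge(pin, lifetime_seconds, max_attempts, clock)
```

The attempt limit matters as much as the expiry: a short numeric code is only hard to guess if the number of guesses per code is capped.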

 

 

Two-Factor Authentication with Google Authenticator

Hi Everyone,

We’ve finished adding two-factor authentication using Google’s Authenticator to version 6 of Passwordstate. Google Authenticator is great for smaller companies who can’t afford the investment required to internally host other two-factor authentication solutions such as RSA’s SecurID.

Configuring your Passwordstate account to use Google Authenticator is quite a simple process:

  • First install Google Authenticator on your mobile device – Android, iOS & Windows Phone
  • Visit the Preferences screen in Passwordstate, and click on the ‘Authentication Options’ tab
  • Select the ‘Google Authenticator’ option from the Authentication dropdown list
  • Generate a new barcode/secret key
  • Scan the barcode into Google Authenticator on your mobile/cell device, or manually type in the secret key
  • Click on the ‘Save’ button to save the secret key to your Passwordstate account.

Google Authenticator Settings

Once you have successfully enabled Google Authenticator with Passwordstate and on your mobile/cell device, then you will be presented with the following login screen next time you visit Passwordstate.

Passwordstate Google Authenticator Login

You will now have a maximum of 60 seconds to copy the verification code from your mobile/cell device (image below), into Passwordstate. After 60 seconds, a new verification code will appear on your device.

Google Authenticator for Android

 

We hope you like this new feature once version 6 of Passwordstate is released, and please leave us any comments you like regarding the feature.

Regards
Click Studios