Two-factor authentication: an extra layer of security of vital importance
The best way to protect access to an account is to use two-factor authentication or 2FA. This is an extra layer of security on top of your standard password. And it is now also available for your Combell control panel. What is two-factor authentication and how can you enable it?
Even strong passwords are weak
When you need to log in to a website, a web service or a web app, you usually use a login (which is often your username or e-mail address) and a password. It is best to choose a password that is difficult to break. Please read our tips on this topic in the following article: Secure passwords: short and complex or long and memorable?
But even the strongest password can be broken or stolen. No matter how hard you think to come up with great passwords, this kind of security alone is still fallible.
Enable two-factor authentication with software token for your Combell control panel. It is simple, user-friendly, and yet extremely secure!
Two-factor authentication provides greater protection
Two-factor authentication (also known as 2FA, or two-step verification) provides an additional layer of protection. If you want to log in to your account, you will have to enter your usual password, but you will also have to enter a second factor (e.g. a code that you received via text messaging).
The advantage is clear: even if someone gets hold of one of the two factors used for 2FA, this person will not be able to access your account. So, even if someone manages to break your strong password, he or she will still be blocked from accessing your account.
Two-factor authentication: several options available
In practice, the most common options are:
Hardware Tokens
A small object, like a keychain for example, can generate a new numeric code every 30 seconds. If you want access to your account, you just have to look at the device and enter the 2FA code. Some hardware tokens send the 2FA code automatically when you connect the device to the USB port of your computer.
The disadvantage of this is that such devices are easily lost or stolen, and they can also be hacked.
Messages via SMS or Voice
Once you have entered your login and password, this system will send a unique One-Time Passcode (OTP) to your phone via SMS. You can then enter this code in the login screen and access your account.
The message via Voice is a variant that is mainly used in emerging countries where smartphones are expensive or networks are still underdeveloped. Users are then called via an automatic system that provides them with a passcode.
The disadvantage of this method is that it is also vulnerable.
Software Tokens
This is why software is increasingly being used to create a one-time and time-limited passcode, also known as Time-based One-time Password (TOTP) of soft-token.
To do this, you must first install a free 2FA app on your smartphone or computer. You can then use this app on any site that supports this form of authentication.
When you log in, enter your login and password to receive a code in your app, which you then have to enter as well. This token or code is usually valid for less than a minute.
The benefits:
- The code is generated and displayed on your own device (your computer or smartphone). This makes it impossible for hackers to intercept the code – unlike with text and voice messages.
- This solution will also work offline (in case you do not have an Internet connection).
Push notifications
With this login method, the website or app does not send you a code, but a push notification, to inform you that someone is trying to log in. You can then either approve or deny access.
The benefits:
- App-based two-factor authentication solutions are available for smartphones, computers and even wearables. Authentication is therefore possible everywhere.
- You do not need to enter a code. You only have to approve the login request.
- There is a direct and secure connection between the website, the 2FA service and your device. This eliminates the risk of phishing and man-in-the-middle attacks.
Biometric information
Two-factor authentication using biometric information is becoming increasingly popular. More and more devices feature a scanner with which you can prove your identity via a fingerprint, the pattern of your retina or face recognition. Other factors are taken into account, such as background noise, your pulse, your typing pattern or your voice print. Concrete applications, however, are not yet widespread.
This is how two-factor authentication works at Combell
One thing is certain: if a web service or website offers two-factor authentication, it is best to enable it. And Combell also allows you to enable 2FA. Combell opted for two-factor authentication via a software token. This is how it works:
- Log in to our website or your control panel
- In the drop-down menu, under your name, click on “Personal Information”.
- Then click on “Two-factor authentication” in the bar to the left.
- In the next screen, you will have to configure your two-factor authentication. Download one of the suggested apps to your smartphone, and use the app to scan the QR code. Enter the code that is now generated in the app. And you are done!
From now on, when you log in, you will have to enter the code that is generated in the app on your smartphone. You can also choose to mark your browser as secure. In that case, two-factor authentication will not be requested for 15 days. However, we recommend that you only use this option on your desktop computer, not on your smartphone.
Are you a Combell partner (aka reseller)?
If so, you can require this two-factor authentication for all users of your account. In your control panel, go to Settings > User Management > Two-step verification, and move the slider to this option. All your users who have not yet enabled two-factor authentication will be notified that they now must do so.
Do you need help with the configuration or do you have any other question? We are always just a phone call or e-mail away!