Passportal utilizes Hashicorp TOTP Vault to generate codes - this means that the server time on the Passportal regional host server is not used in the generation of the TOTP.RFC6238 states that the code generator ( Passportal) and the verifier (the secured application) should both be working on UTC time: Time Differences between Passportal and the 2FA Secured Application If your session times out on the browser extension, you will not be able to re-authenticate and you will require assistance to get this reset, potentially causing a delay in access to your Passportal account. Make sure not to store your log-in credentials for Passportal in Passportal itself, especially if you have TOTP associated to that account. With the TOTP configured in the stored Credential in Passportal, all technicians with access to the Credential can use that TOTP to authenticate when accessing a clients devices or environment. Immediate benefit over a 3rd Party TOTP serviceīy configuring a Credential with a TOTP generated by Passportal, technicians and engineers no longer have to tie individual authentication accounts to their own authentication tools on their mobile devices. The generated unique codes are also time bound, and so will expire every 30 seconds.Īll TOTP seed codes are encrypted at rest and stored separately from the credentials they reference in their own database on separate infrastructure. Most popular 2FA apps, such as Google Authenticator, Microsoft Authenticator, Duo, Authy, etc., support TOTP. TOTP's are a common form of 2FA (Two-Factor Authentication), generated unique numeric codes by an algorithm that uses the current time as an input. Passportal Credentials can be configured to include a Time-based One-Time Password (TOTP).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |