MSP RMM: Enhance Security with Two-Factor Authentication

Security matters now more than ever, especially for the work you do. With this in mind, we’re planning to release an update in the coming days that’s designed to further protect you and your customers’ data and devices from compromise or attack. Soon we’ll be requiring you to use Two-Factor Authentication (2FA) when logging into the Dashboard in order to use two key features: Take Control and Remote Background Management.

2FA is one of the most effective ways to thwart a would-be security breach and can help to prevent an attack in the event a user’s login credentials are accidentally compromised. Protecting your customers from all vectors of attack is part of today’s IT landscape, and as trusted IT advisors, it’s imperative for us to help you make sure system access is as secure as possible.

Please be assured that we’re introducing this update in such a way that it doesn’t get in the way of your day-to-day support operations: You’re in control of when to turn 2FA on for your user account.

You’ll start to notice a new on-screen message when you initiate a Take Control or Remote Background Management session, asking you to enable 2FA or, if not convenient, to defer it to another time that suits you better.

Eventually however, 2FA will be required to use Take Control and Remote Background Management, and we recommend turning 2FA on at your earliest convenience.

Note that users who already log in with 2FA, using the existing 2FA security feature available through the ‘General Settings’ dialog, won’t see any difference – you already log in with the extra security so you’re all set!

Here’s a detailed run-through of the security update…

Important! To activate 2FA, you need to be logging into the Dashboard with a valid email address, and you need your smartphone to install an ‘authenticator’ app.

  • If you don’t currently log in with 2FA, then you’ll soon start to see this prompt when you start a Take Control or Remote Background Management session (1)

2fa 1

  • If you click ‘Activate Later’, you’ll just carry on with your Take Control or RBM session as normal. You’ll see the reminder message again the next time you start a Take Control or RBM session, until you activate 2FA.
  • After clicking ‘Activate Now’, you’ll be taken back to the Dashboard login screen (2) in order to activate 2FA. In the next step you’re asked to validate your email address (3).

2fa 2

Please make sure this is a valid email address that you have access to, otherwise you will not be able to log back into the Dashboard and will require a colleague to reset your login for you.

  • Follow the simple 2FA activation steps on the screen. You’ll be asked to install a 3rd party authenticator app on your smartphone (4) – these are freely available in the app stores for iOS, Android, Windows Phone and any other mobile OS. This app will generate the one-time, time-based passcode that you need to log into the Dashboard with going forward.

2fa 3

  • Once you’ve completed the 2FA activation process you’ll be logged back into the Dashboard – the Take Control and Remote Background Management features will no longer show you the 2FA activation prompt. Note that 2FA only asks you for a passcode when you log in, once you’re in the Dashboard all features are available as before.
  • Users with access the User Accounts dialog (based on permissions) will see a new 2FA column (5), showing you which users have 2FA turned on (green tick), which have 2FA enabled but not yet activated it (grey tick), and which do not have it turned on (no tick). Right-click a user to bring up the context menu in order to enable or disable 2FA for that user (6). 

2fa 4

  • If the existing Dashboard-wide 2FA feature is turned on (7), then all users are required to log in with 2FA, and 2FA can’t be disabled or enabled for an individual user. You can see if 2FA is enabled at Account-wide level in the Info section at the bottom of the User Accounts dialog (8).

2fa 5

2fa 6

2FA and IP Address Verification: Upcoming enhancement

As you’re probably aware, we recently introduced IP address verification to the Dashboard login process. We’ll shortly be adding an option that will allow you to pause IP address verification for individual users who’re logging in with 2FA. We recommend having both security layers in place, but appreciate some users may routinely access the Dashboard from new locations. For those special cases, the ability to turn off IP address verification may be used to avoid a cumbersome login routine.

 

If you run into an issue activating 2FA….

If you find you’re unable to complete the 2FA activation process for some reason – for example, you’re unable to validate the email address you use to log into the Dashboard, or you don’t have access to your phone for some reason, then the simplest thing to do is to ask a colleague to temporarily disable 2FA for your user account. They simply need to go to the User Accounts dialog as described above and disable 2FA for your account. If a colleague isn’t able to help, then our customer support team will be able to help you out too.

Greater security for greater peace of mind

Once 2FA is turned on for your user account, it adds just a small extra step to the Dashboard login process, while introducing a proven, highly effective barrier against someone gaining unauthorised access to your account. By adding the user-level 2FA option, we’re helping you extend 2FA across the organisation in a managed, non-disruptive way, so that you and your clients can take advantage of the extra security without it interrupting any of your day-to-day support operations.

For any further questions, feel free to reach out to the Support Team or your Account Representative.

This entry was posted in MSP Remote Monitoring & Management, MSP Remote Monitoring & Management release notes. Bookmark the permalink.