Technical description

Two-factor authentication

This document is a guide on how to use two-factor authentication (2FA) to better secure your user account(s). Two-factor authentication provides an additional layer of security to your user accounts by requiring two different types of authentication factors.

Note: Two-factor authentication applies to you only if you are using Testlab’s in-built authentication methods. If your organization is using SSO (based on SAML 2.0), two-factor authentication does not apply to you.

  • Introduction

    Two-factor authentication provides an additional layer of security to your user accounts by requiring two different types of authentication factors from the user logging in. The first factor is the password for your account, and the second is a unique code that changes every 30 seconds. To generate this code, you will need a TOTP-compliant authenticator application, installed either on your mobile device or in your web browser. Some popular authenticators are Google’s and Microsoft’s authenticators or Authy.

    TOTP – short for “Time-Based One-Time Password” – is a type of two-factor authentication that works with short-lived automatically generated one-time passwords.

  • Benefits

    TOTP-based two-factor authentication is a secure, convenient, cost-effective, and compatible way to protect user accounts from unauthorized access.

    Increased Security: Two-factor authentication adds an additional layer of security to the login process, making it much harder for attackers to gain access to the system with stolen or guessed passwords. TOTP-based authentication is particularly secure as the one-time passwords are valid for a short time and cannot be used again.

    Convenience: TOTP-based authentication is very convenient as it can be done with a mobile phone app. The user does not need to carry any extra hardware devices, and the app generates a new one-time password every 30 seconds, so there’s no need to wait for an SMS or email to arrive.

    Cost-Effective: Implementing TOTP-based two-factor authentication is relatively cheap and easy as it does not require any additional hardware devices. The user’s smartphone can act as the second factor, which makes it cost-effective for businesses to implement.

    Compatibility: TOTP-based authentication is compatible with a wide range of systems and platforms, including Google, Microsoft, and other popular services. This means that users do not need to learn how to use different authentication systems for each service they use.

     

  • Enabling 2FA

    Enabling 2FA for yourself

    Users can only enable two-factor authentication on their own user account:

    1. Open the “My Account” window via the Testlab menu in the top left corner.
    2. Click “Enable two-factor authentication”.
    3. Open up the authenticator app and scan the QR code shown to you. Alternatively, you can manually enter the code provided to you. If you opt for the latter, ensure the authenticator profile uses SHA-1 as its hash algorithm (SHA-1 is a hash function, not an encryption method).
    4. Confirm the process by entering a single passcode provided by your authenticator. Note that the passcode changes every 30 seconds.

    Enforcing 2FA for all your users

    As an Administrator, you can also enforce the use of 2FA for all users in your organization. To do this, open up the Security Tab in the Company management view found in the “Testlab” menu and check the “Mandatory two-factor authentication” option.

    When this option is enabled, all your users are forced to enable 2FA before they can log in. Additionally, you have the option to provide a list of IP addresses from which 2FA is not required. For example, you can enter the public IP addresses of your offices to skip the 2FA process for all users inside your premises.

     

  • Logging in with 2FA

    When logging into Testlab with two-factor authentication enabled, the user must perform the following steps:

    1. Enter their username and password on the login page.
    2. Open an authenticator app on their phone, such as Google Authenticator or Authy.
    3. The authenticator app generates a new, temporary one-time password every 30 seconds.
    4. Enter the current one-time password displayed in the authenticator app into the login page.
    5. If the one-time password is correct, the system will log the user in.
    6. If the one-time password login fails, the user must wait for the authenticator app to generate a new one-time password and try again.

    So, in summary, the user needs to provide both something they know (their username and password) and something they have (their phone with the authenticator app) to complete the login process.
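    What the authenticator computes from the manually entered key, and how a server can check it, shown as an added example (not Testlab's own code): RFC 6238 TOTP with HMAC-SHA-1 and the 30-second step described above. The 6-digit length, the `TotpVerifier` class, its single-use tracking and the absence of a clock-drift window are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per code, as stated on this page
DIGITS = 6   # assumption: the usual authenticator default

def totp(secret_b32: str, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP with HMAC-SHA-1 for the time step containing unix_time."""
    # Manually typed keys often contain spaces or lower-case letters.
    cleaned = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    counter = struct.pack(">Q", unix_time // step)      # 8-byte big-endian step number
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                             # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class TotpVerifier:
    """Hypothetical server side: accepts the current step's code, and only once."""

    def __init__(self, secret_b32: str):
        self.secret_b32 = secret_b32
        self.last_used_step = -1

    def verify(self, code: str, unix_time: int) -> bool:
        step_now = unix_time // STEP
        if step_now <= self.last_used_step:
            return False  # a code was already accepted for this step: replay
        expected = totp(self.secret_b32, unix_time)
        if not hmac.compare_digest(expected.encode(), code.encode()):
            return False  # wrong or expired code; the user waits for the next one
        self.last_used_step = step_now
        return True

# Constructed sample: the RFC 6238 test key "12345678901234567890" in base32.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    verifier = TotpVerifier(SAMPLE_SECRET)
    code = totp(SAMPLE_SECRET, 59)
    print(code, verifier.verify(code, 59), verifier.verify(code, 59))
```

    An authenticator profile set to SHA-256 or SHA-512 produces different codes from the same key, which is why the manual setup must select SHA-1.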

  • Where can I read more

    You can find more information on how to deploy, enable, disable and use two-factor authentication in Testlab’s in-built Help manual:

    • 6.4 – User management > Two-factor authentication
    • 6.1 – Company management > Security Tab