Multi-Factor Authentication Set Up Guide

Salesforce is requiring all users to be MFA enabled by February 1st.

To help prepare my company and clients, I put together this quick PPT guide to set up Multi-Factor Authentication.

Enjoy!

https://docs.google.com/presentation/d/1-6Pz0smyIwQbwFJpjYemKBHLor0G8UCh/edit?usp=sharing&ouid=105035427502248665637&rtpof=true&sd=true

πŸ‘︎ 64
πŸ’¬︎
πŸ‘€︎ u/dankcoins
πŸ“…︎ Jan 11 2022
🚨︎ report
Set up multi-factor authentication and it isn't working - locked out of account

While I'm waiting on hold with customer service, I figure I'll try posting here in case someone else has encountered this.

It up MFA in my security settings by downloading the Symantec VIP app on my iPhone and also on my Macbook (since Symantec VIP doesn't have any backup and E*Trade only allows one form of MFA I wanted to ensure I have a back up in case I lose access to one of the devices).

For each authenticator, I entered my credential ID and security code from Symantec VIP and each time it successfully added it in E*Trade. Then I logged out and tried logging back in to test it.

I enter my user name and password as normal. I click the "security code" box in the login form and enter the security code from Symantec VIP and it just brings me back to the login page with a message that reads "Please log on to continue to the page you requested." I tried codes from the app running on my iPhone as well as the one running on my Macbook.

I tried resetting my password. The password reset went through, but I still can't login because it isn't accepting my security code.

At this point, once I get through to support on the phone, I'm just going to turn off MFA. I use MFA for every account that offers it. But unless I'm missing something very obvious, I don't trust E*Trade's implementation and wish they offered MFA through QR so I can use LastPass authenticator and also offer SMS text options.

πŸ‘︎ 5
πŸ’¬︎
πŸ‘€︎ u/MNBlockhead
πŸ“…︎ Jan 06 2022
🚨︎ report
Multi-Factor Authentication Has Arrived
πŸ‘︎ 4
πŸ’¬︎
πŸ‘€︎ u/Whoui
πŸ“…︎ Jan 20 2022
🚨︎ report
Multi-Factor Authentication for NetID issue

I'm a new student C'26 and just received credentials for setting up NetID and MFA. Upon activation of the NetID, and in trying to sign up for MFA, I keep getting an 'error statement due to use of a supposed back button', which I did not use. What do I do to rectify this as I can't login using my NetID and password without encountering this error issue?

πŸ‘︎ 4
πŸ’¬︎
πŸ‘€︎ u/Beneficial_Ad_317
πŸ“…︎ Dec 20 2021
🚨︎ report
Multi-Factor Authentication apps?

Have anyone enabled MFA on their SF environment?

Curious about which MFA app is the best. I've tried DUO, Microsoft Authenticator and Authy. They all operate pretty much the same I just wish they had a push option. Kinda cumbersome to open the MFA app to view a code.

Edit: Just found out about lightning login, it does provide push alerts.

πŸ‘︎ 7
πŸ’¬︎
πŸ‘€︎ u/D3FSE
πŸ“…︎ Nov 30 2021
🚨︎ report
Requesting help with Jetstream/Fortify Two Factor Authentication with Multi-Auth (multiple guards)

Hi Everyone,

I'm working on a new Laravel app with Jetstream/Fortify installed. It will be using a multi-auth setup in which there will be two guards: web (these users will be in a table called users) and admin (these users will be in a table called admins). I've heard that it is generally preferred to have all users in the same table and just assign roles, but that decision isn't up to me so it may not be an option for me to change it.

Both guards are currently setup so both users and admins can login and are redirected to their respective dashboards, so that part is working correctly. Both guards can also update their respective user profiles and update their passwords, so those parts are working correctly also.

The main issue is that I'm having trouble getting the two-factor authentication part working for the admin users. For regular users with the web guard, it is working as expected, so there is not an issue there. For the admin users, though, when they "Enable" two-factor authentication, it updates the two_factor-secret and two_factor_recovery_codes in the admins table correctly, but I'm not sure what to do next to get it to redirect to the two-factor verification screen for admin users when it is enabled.

My Admin LoginController has a typical login method that currently looks like this:

public function login(Request $request)
    {
        $this->validate($request, [
            'email' => 'required|email',
            'password' => 'required|min:6'
        ]);

        if (Auth::guard('admin')->attempt(['email' => $request->email, 'password' => $request->password], $request->remember)) {
            return redirect()->intended(route('admin.dashboard'));
        }
        return back()->withInput($request->only('email', 'remember'));
    }

I know I'm missing some Fortify logic in the code above, I'm just not sure what specifically to add. I did track down in the vendor folder for laravel\fortify that the regular user login is calling the store method and loginPipeline method in AuthenticatedSessionController so I attempted to add that logic into my controller so the login method looks like this instead, but it seems to be checking against the users table instead of the admins table so the user can't even login:

    public function login(LoginRequest $request)
    {
        return $this->loginPipeline($request)->then(function ($request) {
            re
... keep reading on reddit ➑

πŸ‘︎ 2
πŸ’¬︎
πŸ‘€︎ u/cdt87
πŸ“…︎ Jan 05 2022
🚨︎ report
The Great Multi-Factor Authentication (MFA) Distribution Project of the Open Source Security Foundation (OpenSSF). We work to distribute hardware MFA tokens to critical open source software (OSS) projects. github.com/ossf/great-mfa…
πŸ‘︎ 34
πŸ’¬︎
πŸ‘€︎ u/munrobotic
πŸ“…︎ Dec 14 2021
🚨︎ report
Two-Factor & Multi-Factor Authentication (MFA)

Hi all,

Our company staff is currently Work From Home(WFH) via SSL VPN using FortiGate Firewall.

I was asked to implement a 2FA/MFA to improve security and record some log activities when staffs is logging into the company network and file servers.

Question:

  • Is it better to add Forti Token as MFA with FortiGate Firewall?
  • or It is better to add Duo Security and link to Active Directory?
  • Any way we can know which files are accessed (read/write/copy) by end-user at the file-server level?

Thank You

πŸ‘︎ 15
πŸ’¬︎
πŸ‘€︎ u/stanleyng8
πŸ“…︎ Oct 26 2021
🚨︎ report
Smartwatch recommendation compatible with multi-factor authentication app Imprivata

I am an outpatient provider who prescribes medications that require multi-factor authentication using the Imprivata app/platform. I am interested to see what you all think of using a smartwatch to "approve" these requests during visits, instead of having to pull out a cellphone each time. Do any of you use your a smartwatch this way? I am finding most smartwatches advertise their fitness/sleep tracking capabilities so I do not have a good sense of if the Imprivata app is compatible with these devices. Any thoughts/experiences/recommendations would be greatly appreciated!

πŸ‘︎ 8
πŸ’¬︎
πŸ‘€︎ u/Coffee_and_Eggies
πŸ“…︎ Nov 18 2021
🚨︎ report
Issues with Multi-Factor Authentication

So, a phone restore on Thursday broke the authenticator app I use to log into the Bethesda Launcher. I found Bethesda's "Account Recovery" page and logged a ticket. As seems to be the standard, I received no "ticket created" email, and didn't hear anything the rest of the day.

On Friday, I thought maybe I had created the ticket incorrectly, so I logged another. Same result.

I of course cannot log into the support site to check these tickets and, as it is now Saturday night, I don't expect a response on the weekend and I've resigned myself to just waiting for them to get back to me.

It sucks I can't play all weekend, but I'm more concerned about not getting a positive resolution. I'm curious, for others who have had to deal with account recovery related to MFA issues, what was your outcome?

πŸ‘︎ 2
πŸ’¬︎
πŸ‘€︎ u/Panik-X
πŸ“…︎ Dec 05 2021
🚨︎ report
Multi-Factor Authentication required January 2022. Personally, I am happy that Mac is instigating this.
πŸ‘︎ 24
πŸ’¬︎
πŸ‘€︎ u/biologystudent123
πŸ“…︎ Oct 27 2021
🚨︎ report
Staking with Multi Factor Authentication?

Hello everyone

Currently I stake my ADA with Yoroi wallet. Is there an MFA option that can be enabled?

If not is there an ADA wallet that I can stake with for the future that has MFA?

Thanks!

πŸ‘︎ 6
πŸ’¬︎
πŸ‘€︎ u/_Mushroom_Colins
πŸ“…︎ Nov 18 2021
🚨︎ report
Multi factor authentication not working. Account recovery asking for date I made my account, which I have no clue when I did. Am I fucked?
πŸ‘︎ 18
πŸ’¬︎
πŸ‘€︎ u/llamafromhell1324
πŸ“…︎ Nov 29 2021
🚨︎ report
Multi-factor authentication for the iOS device itself

Why is it so difficult to setup multi-factor authentication to protect an iphone or iphone app? I'm trying to add an additional layer of security on top of email access. I've been researching this for weeks and I don't think it can be done.

There are plenty of tools to make your iphone itself a MFA token, to access other sites or devices. But none to protect the phone itself. There are some crude workarounds but they all seem to have pretty substantial loopholes or shortcomings.

Ie, some people use Screen Time to emulate MFA. But Screen Time always allows a minute of open access; then it gives you a 5-minute warning before locking an app out. There are lots of app-lock apps for Android. There aren't really any true app-lock programs for iOS. Locker, for example, can hide app icons behind a password but those apps can still be accessed through your app library.

The closest I can find is that a few third party email apps come with their own built-in password feature. But most of these are by small developers that I'm uncomfortable sharing email sign on information with. There are also some apps that can require FaceID. I guess that's better than nothing but true MFA would require a different authentication than whatever you used to unlock the phone already.

Any suggestions? What am I missing here?

πŸ‘︎ 2
πŸ’¬︎
πŸ‘€︎ u/woowoo293
πŸ“…︎ Dec 02 2021
🚨︎ report
Can an employer force staff to use personal phones for multi-factor authentication?

Companies are increasingly requiring multi-factor authentication to remotely access their intranet and services like Office 365. This often requires the use of a mobile phone, and most people don't have access to company phones.

How acceptable/reasonable do you think it is to use your own personal phone for work purposes in this case?

Edit: clarify the context: working from home (remote access)

πŸ‘︎ 42
πŸ’¬︎
πŸ‘€︎ u/220-240volts
πŸ“…︎ Aug 31 2021
🚨︎ report
Coinbase Multi-Factor Authentication Hack Affects at Least 6,000 Customers coindesk.com/business/202…
πŸ‘︎ 16
πŸ’¬︎
πŸ‘€︎ u/Rikheuseveldt
πŸ“…︎ Oct 01 2021
🚨︎ report
Anyone else get email: "Action Required: Enrol in Multi Factor-Authentication for a chance to win AirPod Pros"

Is this real? not interested in the air pod incentive, just wondering if this is legit/safe or some sort of scam? Not sure if I want to give out my NetID + password?

πŸ‘︎ 19
πŸ’¬︎
πŸ“…︎ Oct 30 2021
🚨︎ report
Multi-Factor Authentication Weaknesses

I'm suck on question 5 of the Intermediate Web Multi-Factor Authentication Weaknesses lab. Its the one where you're supposed to bypass MFA. I've come at this from a few different angles.

  • Tried sending in mfa_requred=False in various formats
  • registered a new user, tried using that users tokens and session
  • navigating to a different page

all without any luck. I could use some tips if anyone was able to finish this one

πŸ‘︎ 2
πŸ’¬︎
πŸ‘€︎ u/RNG33bus
πŸ“…︎ Nov 18 2021
🚨︎ report
Introducing Multi-Factor Authentication for your Second Life Account! second.life/mfa
πŸ‘︎ 39
πŸ’¬︎
πŸ“…︎ Sep 22 2021
🚨︎ report
How is Multi-factor Authentication Improving in the Digital world? medium.com/sattrix-cyber-…
πŸ‘︎ 5
πŸ’¬︎
πŸ‘€︎ u/mahendra-p
πŸ“…︎ Nov 29 2021
🚨︎ report
Multi-factor Authentication Weakness

Been stuck on this one for 2 days, found the logic flaw but can’t seem to decode what the OTP algorithm is even though it is based on the date.

Not sure how to capture packet on the wire without tcpdump/wire shark installed.

Anyone point me in the right direction? I understand I need to brute-force the static PIN afterwards.

πŸ‘︎ 2
πŸ’¬︎
πŸ‘€︎ u/butteralchemist
πŸ“…︎ Nov 02 2021
🚨︎ report
Force multi-factor authentication for all active users

I've been setting up multi-factor authentication for the QNAP's of all our customers and I've been wondering if there is any method to force every active user on the QNAP to setup 2fa with their next login?

I know for a fact that Synology has an option like this build into their newest firmware version, would save me some work if QNAP has a similar option like this.

πŸ‘︎ 2
πŸ’¬︎
πŸ‘€︎ u/dom_does_memes
πŸ“…︎ Dec 07 2021
🚨︎ report
LMAAS-IoT: Lightweight multi-factor authentication and authorization scheme for real-time data access in IoT cloud-based environment sciencedirect.com/science…
πŸ‘︎ 3
πŸ’¬︎
πŸ‘€︎ u/A-Alsahlani
πŸ“…︎ Nov 30 2021
🚨︎ report
LMAAS-IoT: Lightweight multi-factor authentication and authorization scheme for real-time data access in IoT cloud-based environment sciencedirect.com/science…
πŸ‘︎ 4
πŸ’¬︎
πŸ‘€︎ u/A-Alsahlani
πŸ“…︎ Dec 01 2021
🚨︎ report

Please note that this site uses cookies to personalise content and adverts, to provide social media features, and to analyse web traffic. Click here for more information.