Salesforce is requiring all users to be MFA enabled by February 1st.
To help prepare my company and clients, I put together this quick PPT guide to set up Multi-Factor Authentication.
Enjoy!
While I'm waiting on hold with customer service, I figure I'll try posting here in case someone else has encountered this.
It up MFA in my security settings by downloading the Symantec VIP app on my iPhone and also on my Macbook (since Symantec VIP doesn't have any backup and E*Trade only allows one form of MFA I wanted to ensure I have a back up in case I lose access to one of the devices).
For each authenticator, I entered my credential ID and security code from Symantec VIP and each time it successfully added it in E*Trade. Then I logged out and tried logging back in to test it.
I enter my user name and password as normal. I click the "security code" box in the login form and enter the security code from Symantec VIP and it just brings me back to the login page with a message that reads "Please log on to continue to the page you requested." I tried codes from the app running on my iPhone as well as the one running on my Macbook.
I tried resetting my password. The password reset went through, but I still can't login because it isn't accepting my security code.
At this point, once I get through to support on the phone, I'm just going to turn off MFA. I use MFA for every account that offers it. But unless I'm missing something very obvious, I don't trust E*Trade's implementation and wish they offered MFA through QR so I can use LastPass authenticator and also offer SMS text options.
I'm a new student C'26 and just received credentials for setting up NetID and MFA. Upon activation of the NetID, and in trying to sign up for MFA, I keep getting an 'error statement due to use of a supposed back button', which I did not use. What do I do to rectify this as I can't login using my NetID and password without encountering this error issue?
Have anyone enabled MFA on their SF environment?
Curious about which MFA app is the best. I've tried DUO, Microsoft Authenticator and Authy. They all operate pretty much the same I just wish they had a push option. Kinda cumbersome to open the MFA app to view a code.
Edit: Just found out about lightning login, it does provide push alerts.
Hi Everyone,
I'm working on a new Laravel app with Jetstream/Fortify installed. It will be using a multi-auth setup in which there will be two guards: web (these users will be in a table called users) and admin (these users will be in a table called admins). I've heard that it is generally preferred to have all users in the same table and just assign roles, but that decision isn't up to me so it may not be an option for me to change it.
Both guards are currently setup so both users and admins can login and are redirected to their respective dashboards, so that part is working correctly. Both guards can also update their respective user profiles and update their passwords, so those parts are working correctly also.
The main issue is that I'm having trouble getting the two-factor authentication part working for the admin users. For regular users with the web guard, it is working as expected, so there is not an issue there. For the admin users, though, when they "Enable" two-factor authentication, it updates the two_factor-secret and two_factor_recovery_codes in the admins table correctly, but I'm not sure what to do next to get it to redirect to the two-factor verification screen for admin users when it is enabled.
My Admin LoginController has a typical login method that currently looks like this:
public function login(Request $request)
{
$this->validate($request, [
'email' => 'required|email',
'password' => 'required|min:6'
]);
if (Auth::guard('admin')->attempt(['email' => $request->email, 'password' => $request->password], $request->remember)) {
return redirect()->intended(route('admin.dashboard'));
}
return back()->withInput($request->only('email', 'remember'));
}
I know I'm missing some Fortify logic in the code above, I'm just not sure what specifically to add. I did track down in the vendor folder for laravel\fortify that the regular user login is calling the store method and loginPipeline method in AuthenticatedSessionController so I attempted to add that logic into my controller so the login method looks like this instead, but it seems to be checking against the users table instead of the admins table so the user can't even login:
public function login(LoginRequest $request)
{
return $this->loginPipeline($request)->then(function ($request) {
reHi all,
Our company staff is currently Work From Home(WFH) via SSL VPN using FortiGate Firewall.
I was asked to implement a 2FA/MFA to improve security and record some log activities when staffs is logging into the company network and file servers.
Question:
- Is it better to add Forti Token as MFA with FortiGate Firewall?
- or It is better to add Duo Security and link to Active Directory?
- Any way we can know which files are accessed (read/write/copy) by end-user at the file-server level?
Thank You
I am an outpatient provider who prescribes medications that require multi-factor authentication using the Imprivata app/platform. I am interested to see what you all think of using a smartwatch to "approve" these requests during visits, instead of having to pull out a cellphone each time. Do any of you use your a smartwatch this way? I am finding most smartwatches advertise their fitness/sleep tracking capabilities so I do not have a good sense of if the Imprivata app is compatible with these devices. Any thoughts/experiences/recommendations would be greatly appreciated!
So, a phone restore on Thursday broke the authenticator app I use to log into the Bethesda Launcher. I found Bethesda's "Account Recovery" page and logged a ticket. As seems to be the standard, I received no "ticket created" email, and didn't hear anything the rest of the day.
On Friday, I thought maybe I had created the ticket incorrectly, so I logged another. Same result.
I of course cannot log into the support site to check these tickets and, as it is now Saturday night, I don't expect a response on the weekend and I've resigned myself to just waiting for them to get back to me.
It sucks I can't play all weekend, but I'm more concerned about not getting a positive resolution. I'm curious, for others who have had to deal with account recovery related to MFA issues, what was your outcome?
Hello everyone
Currently I stake my ADA with Yoroi wallet. Is there an MFA option that can be enabled?
If not is there an ADA wallet that I can stake with for the future that has MFA?
Thanks!
Why is it so difficult to setup multi-factor authentication to protect an iphone or iphone app? I'm trying to add an additional layer of security on top of email access. I've been researching this for weeks and I don't think it can be done.
There are plenty of tools to make your iphone itself a MFA token, to access other sites or devices. But none to protect the phone itself. There are some crude workarounds but they all seem to have pretty substantial loopholes or shortcomings.
Ie, some people use Screen Time to emulate MFA. But Screen Time always allows a minute of open access; then it gives you a 5-minute warning before locking an app out. There are lots of app-lock apps for Android. There aren't really any true app-lock programs for iOS. Locker, for example, can hide app icons behind a password but those apps can still be accessed through your app library.
The closest I can find is that a few third party email apps come with their own built-in password feature. But most of these are by small developers that I'm uncomfortable sharing email sign on information with. There are also some apps that can require FaceID. I guess that's better than nothing but true MFA would require a different authentication than whatever you used to unlock the phone already.
Any suggestions? What am I missing here?
Companies are increasingly requiring multi-factor authentication to remotely access their intranet and services like Office 365. This often requires the use of a mobile phone, and most people don't have access to company phones.
How acceptable/reasonable do you think it is to use your own personal phone for work purposes in this case?
Edit: clarify the context: working from home (remote access)
Is this real? not interested in the air pod incentive, just wondering if this is legit/safe or some sort of scam? Not sure if I want to give out my NetID + password?
I'm suck on question 5 of the Intermediate Web Multi-Factor Authentication Weaknesses lab. Its the one where you're supposed to bypass MFA. I've come at this from a few different angles.
- Tried sending in mfa_requred=False in various formats
- registered a new user, tried using that users tokens and session
- navigating to a different page
all without any luck. I could use some tips if anyone was able to finish this one
Been stuck on this one for 2 days, found the logic flaw but canβt seem to decode what the OTP algorithm is even though it is based on the date.
Not sure how to capture packet on the wire without tcpdump/wire shark installed.
Anyone point me in the right direction? I understand I need to brute-force the static PIN afterwards.
I've been setting up multi-factor authentication for the QNAP's of all our customers and I've been wondering if there is any method to force every active user on the QNAP to setup 2fa with their next login?
I know for a fact that Synology has an option like this build into their newest firmware version, would save me some work if QNAP has a similar option like this.
