About Two-Factor Authentication

Two-factor authentication requires you to enter two forms of identification before you can access the Cryptographic Security Platform Vault Management webGUI. The first form is your standard username/password combination, and the second is a one-time password (OTP) generated by an authorization app. The OTP is appended to your existing password. Two-factor authentication is supported with local authentication only. If you want to use two-factor authentication for non-local users, we recommend that you enable it in your remote authentication provider.

Two-factor authentication can now be enabled and enforced for all local Cryptographic Security Platform Vault Management webGUI users by the security administrator. Once enforced, all users will be prompted to use two-factor authentication to log in to the Cryptographic Security Platform Vault Management webGUI.

Cryptographic Security Platform Vault supports HMAC-based One-Time Passwords (HOTP) and Time-based One-Time Passwords (TOTP). HOTP uses an event-based algorithm, and passwords generated through this method are valid until the next event occurs. TOTP passwords are valid only for a very short amount of time and are therefore more secure.
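The following added example (not Cryptographic Security Platform Vault code) implements HOTP per RFC 4226 and TOTP per RFC 6238 to show why an HOTP code stays valid until the counter advances while a TOTP code expires with its time step, and how a password with the OTP appended can be split. The 6-digit length, 30-second step, SHA-1, and all function names are assumptions based on the RFC defaults, not documented product settings.

```python
import hashlib
import hmac
import struct

# RFC 4226 Appendix D test secret (public test vector, not a product secret).
RFC_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA-1 over the 8-byte big-endian event counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP where the counter is the current time-step number."""
    return hotp(secret, unix_time // step, digits)


def split_credential(submitted: str, digits: int = 6):
    """Split 'password + OTP' (OTP appended to the password) into its parts."""
    if len(submitted) <= digits or not submitted[-digits:].isdigit():
        raise ValueError("credential does not end in a numeric OTP")
    return submitted[:-digits], submitted[-digits:]


def verify_totp(secret: bytes, otp: str, unix_time: int, step: int = 30) -> bool:
    """Accept only the code for the current time step (no drift window)."""
    expected = totp(secret, unix_time, step)
    return hmac.compare_digest(expected.encode(), otp.encode())


if __name__ == "__main__":
    # HOTP: the code for counter 0 stays valid until the counter advances.
    print("HOTP counter 0:", hotp(RFC_SECRET, 0))
    print("HOTP counter 1:", hotp(RFC_SECRET, 1))
    # TOTP: same secret, but the code changes with every 30-second step.
    now = 59  # constructed timestamp from the RFC 6238 test vectors
    code = totp(RFC_SECRET, now)
    password, otp = split_credential("Constructed-Passw0rd" + code)
    print("TOTP at t=59:", code, "valid now:", verify_totp(RFC_SECRET, otp, now))
    print("same code 30 s later:", verify_totp(RFC_SECRET, otp, now + 30))
```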

Important: We have seen instances where, if a QR code is used, Microsoft Authenticator replaced the entries for the same username from different Cryptographic Security Platform Vault clusters. If you are planning to use Microsoft Authenticator for the same usernames in different Cryptographic Security Platform Vault clusters, please manually type in the account name and secret key for the second and subsequent accounts rather than scanning the QR code, and make sure that each account name is different.