About Two-Factor Authentication

Two-factor authentication requires you to enter two forms of identification before you can access the KeyControl Vault Management webGUI. The first form is your standard username/password combination, and the second is a one-time password (OTP) generated by an authorization app. The OTP is appended to your existing password.

Two-factor authentication can now be enabled and enforced for all KeyControl Vault Management webGUI users by the security administrator. Once enforced, all users will be prompted to use two-factor authentication to log in to the KeyControl Vault Management webGUI.

KeyControl supports HMAC-based One-Time Passwords (HOTP) and Time-based One-Time Passwords (TOTP). HOTP uses an event-based algorithm, and passwords generated through this method are valid until the next event occurs. TOTP passwords are valid for only a very short amount of time and are therefore more secure.
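The difference between the two algorithms, and the "OTP appended to the password" login format, shown as an added example that is not KeyControl's own code. It assumes the common RFC 4226/6238 defaults (HMAC-SHA1, 6 digits, 30-second step); the `split_login` layout, the one-step drift window and the sample secret are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample secret: the ASCII test key from RFC 4226 Appendix D.
SECRET = b"12345678901234567890"

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian event counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP where the counter is the current time step."""
    return hotp(secret, unix_time // step, digits)

def split_login(submitted: str, digits: int = 6):
    """Split 'password + OTP' (assumed layout: OTP is the trailing digits)."""
    tail = submitted[-digits:]
    if len(submitted) <= digits or not (tail.isascii() and tail.isdigit()):
        return None
    return submitted[:-digits], tail

def verify_totp(secret, otp, unix_time, step=30, drift=1):
    """Accept the current step and +/- drift steps, compared in constant time."""
    return any(
        hmac.compare_digest(totp(secret, unix_time + d * step, step), otp)
        for d in range(-drift, drift + 1)
        if unix_time + d * step >= 0
    )

if __name__ == "__main__":
    # HOTP: each code stays valid until the event counter advances.
    print("HOTP counter 0..2:", [hotp(SECRET, c) for c in range(3)])
    # TOTP: the code changes with every 30-second step.
    print("TOTP t=59:", totp(SECRET, 59), " t=90:", totp(SECRET, 90))
    password, otp = split_login("hunter2pass" + totp(SECRET, 59))
    print("accepted at t=65: ", verify_totp(SECRET, otp, 65))
    print("accepted at t=200:", verify_totp(SECRET, otp, 200))
```
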

Important: We have seen instances where, if a QR code is used, Microsoft Authenticator replaced the entries for the same username from different KeyControl clusters. If you plan to use Microsoft Authenticator for the same username in different KeyControl clusters, manually type in the account name and secret key for the second and subsequent accounts rather than scanning the QR code, and make sure that each account name is different.