Hello Chris,
I ran this past the internal security team.
Here's the feedback I received:
Access Authenticator does not currently or have plans to use email or SMS texting of second factor codes. Both of those methods are considered very insecure and NIST recommends that they are not used in this manner.
You only need to look back a short time to see a compromise of a major companies systems because an insecure second factor was compromised and used maliciously.
https://www.reddit.com/r/announcements/comments/93qnm5/we_had_a_security_incident_heres_what_you_need_to/
The same goes for voice calls as a second factor - NIST recommends against them. They are easy to spoof and insecure.
Beyond the use of the mobile apps Access Authenticator also supports:
-Printed OTP one time pass codes
-Soft token generated OTP from a user's desktop
-Physical tokens using a YubiKey hard token
** RADIUS and RSA physical tokens are on the roadmap.
Hope this helps.
[HelpSystems]<
https://www.helpsystems.com/>
Richard Schoen
Director of Document Management Technology
e. richard.schoen@xxxxxxxxxxxxxxx
p. 952.486.6802 | m. 952.486.6802
From: Richard Schoen
Sent: Tuesday, August 14, 2018 7:21 AM
To: midrange-l@xxxxxxxxxxxx
Subject: RE: Two factor auth for iSeries V7R2
Probably worth a call to the sales team to see what's in store of if it already has this feature.
http://www.helpsystems.com
Regards,
Richard Schoen
Director of Document Management
e. richard.schoen@xxxxxxxxxxxxxxx<mailto:richard.schoen@xxxxxxxxxxxxxxx>
p. 952.486.6802
w. helpsystems.com
----------------------------------------------------------------------
message: 1
date: Mon, 13 Aug 2018 20:34:26 +0000
from: Christopher Bipes <chris.bipes@xxxxxxxxxxxxxxx<mailto:chris.bipes@xxxxxxxxxxxxxxx>>
subject: RE: Two factor auth for iSeries V7R2
Looks promising but I am hoping for an email with a secondary logon code and not a phone application. We cannot force our users to have a cell phone that can run such an application or want to provide a cell phone to all of our users.
Chris Bipes
Director of Information Services
CrossCheck, Inc.
-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxx<mailto:midrange-l-bounces@xxxxxxxxxxxx>> On Behalf Of Richard Schoen
Sent: Monday, August 13, 2018 12:56 PM
To: midrange-l@xxxxxxxxxxxx<mailto:midrange-l@xxxxxxxxxxxx>
Subject: RE: Two factor auth for iSeries V7R2
I believe we have something as part of our Powertech offerings.
Not sure if it works with V7R2 or not.
Check out the following link or reach out to the sales team.
https://www.helpsystems.com/products/multi-factor-authentication-software-ibm-i
Regards,
Richard Schoen
Director of Document Management
e. richard.schoen@xxxxxxxxxxxxxxx<mailto:richard.schoen@xxxxxxxxxxxxxxx>
p. 952.486.6802
w. helpsystems.com
As an Amazon Associate we earn from qualifying purchases.