×
The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.
Thank you. We will consider the use of a windows client for the second factor.
Chris Bipes
Director of Information Services
CrossCheck, Inc.
-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxx> On Behalf Of Richard Schoen
Sent: Tuesday, August 14, 2018 9:07 AM
To: midrange-l@xxxxxxxxxxxx
Subject: RE: Two factor auth for iSeries V7R2
Hello Chris,
I ran this past the internal security team.
Here's the feedback I received:
Access Authenticator does not currently or have plans to use email or SMS texting of second factor codes. Both of those methods are considered very insecure and NIST recommends that they are not used in this manner.
You only need to look back a short time to see a compromise of a major companies systems because an insecure second factor was compromised and used maliciously.
https://www.reddit.com/r/announcements/comments/93qnm5/we_had_a_security_incident_heres_what_you_need_to/
The same goes for voice calls as a second factor - NIST recommends against them. They are easy to spoof and insecure.
Beyond the use of the mobile apps Access Authenticator also supports:
-Printed OTP one time pass codes
-Soft token generated OTP from a user's desktop
-Physical tokens using a YubiKey hard token
** RADIUS and RSA physical tokens are on the roadmap.
Hope this helps.
midrange.com
