2-factor authentication

Similar Messages

• Multi-factor Authentication?

  Multi-factor authentication will soon be mandatory for
  several of my applications. I need to know if CF has any built-in
  functionality, either stock or via custom tags, to handle any of
  the common multi-factor tools. How are other people handling this?
  :-)

  Huh, i'm sorry, I found the answer just after the questioning... :)
  Known Issues:
  * Windows Authentication for Terminal Services is still not supported for
  Windows Server 2012 R2From:https://pfweb.phonefactor.net/install/6.3.0.17465/release_notes.txt
  www.sccmfaq.ch

• Apple ID - Two Factor Authentication (and why I stopped using it)

  The Apple devices I use every day consist of the following:
  2009 MacBook Pro 17" (home)
  iPhone 6 (home)
  2012 MacBook Pro Retina (work)
  My home devices are all logged in using my Apple ID as usual, and my work laptop uses a Apple ID specific to work, but with my personal Apple ID logged in for iMessage and FaceTime (pretty standard, I presume, for people with full-time work laptops they can bring home, etc.). Now, since I have multiple devices which are constantly syncing everything back and forth, whether it be something as simple as my contacts or as delicate and near and dear to my heart as my photo collection, I felt that maybe I should use two factor authentication for my home Apple ID, just to be on the safe side. I recognize that the two factor authentication only protects iMessage and FaceTime currently, but I implemented it with hopes that someday they will incorporate everything about iCloud and other services synced between Apple devices that you would assume should be covered by a two factor authentication update/overhaul.
  I liked this idea very much, as I use two factor for almost everything I can, but things started to fall apart one day when I had to switch to a temporary work laptop and decided to log in to iMessage with a new app specific password, as you would need to on a new device (unless you wrote down the original iMessage password, which is a terrible thing to do). When I went to create my new iMessage password for work laptop B, I decided to revoke work laptop A's iMessage password while it went in for repairs. This wasn't so bad until something seemed funny about my phone, as it was asking for me to log into iMessage again. Now, I had created a separate password for work laptop A's iMessage when I first logged in a while back, as well as a separate password for the temporary work laptop B so it didn't interfere with my other generated passwords. Apparently this didn't matter.
  I continued and created a new app password for my phone, but when I got home, wouldn't you know it, I had to log into iMessage on my home laptop again as well. I had to create a new password for that, which seemed to work for a while, but then I was prompted to enter my iMessage password on my phone again once I revoked my home laptop's iMessage password. Not following? No, me either. It seemed to me that creating separate app specific passwords for me to use across my devices didn't stay as separate as I thought they should, but instead they somehow seemed to be dependent on one another. Since I had a frustrating time trying to activate iMessage again on my iPhone and laptops on multiple occasions while this was happening, I decided to disable two factor authentication altogether.
  I suppose I should ask a question here, so here goes: has anyone else encountered this horrific two factor authentication/app specific password management issue for their own account? Have you been able to resolve it, and if so, any helpful suggestions? Thanks!

  I had also thought that initially, but after turning it on, I went to sign into iMessage with my Apple ID and regular Apple ID password, but it prompted me to create an app specific password to sign in since I had two factor authentication on, as it wouldn't let me use my regular Apple ID password to log in (which I could use to log in for everything else but iMessage and FaceTime). It was nice since I was prompted to provide a code sent to an Apple device of my choosing when signing into the Apple ID management site or iCloud.com, but forcing me to create app specific passwords for iMessage and FaceTime is kind of ridiculous and frustrating. Maybe there's a way to have two factor authentication without the need for app specific passwords? Or if not, then perhaps that would be a great option to present users when turning that feature on.

• Two Factor Authentication on Windows Server 2008 R2

  We have a small 2008 R2 Active Directory environment with 2 domain controllers and 13 member servers. We have no additional features such as an RDP gateway or Federation Services - just a plain AD setup. We now have a requirement from our client to have
  a two factor authentication solution for each time we logon to any server, either using RDP or locally. We only have 4 admins that ever logon to these servers - we do not have any "regular" users.
  Is there anything out there that would work in this environment without having to modify our AD (at least nothing major)?
  Thanks

  Hi,
  You may consider smart card:
  Smart Card Overview
  http://technet.microsoft.com/en-us/library/hh831433.aspx
  Understanding Requirements for Connecting to a Remote Desktop Gateway Server
  http://technet.microsoft.com/en-us/library/cc770519.aspx
  Best Regards,
  Amy
  Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Having trouble with Google 2 factor authentication and Mac Calendar

  Hello!  I recently started using Google 2-factor authentication on my Google Apps (Pro) account, and have successfully configured my gmail settings in OS X Mail so that inbound/outbound work correctly.  Here's where the problem is:  OS X uses a single password in the system account settings for calendar/contacts/notes, etc, so enter the login/password once and check the boxes for what services you want to use. But Google sees these as distinctly different apps, so when I enter an app-specific password, it only registers for one (i.e.:  contacts), but not for another or the rest of them (like calendar).  Has anyone had experience in setting this up? How can you get app-specific passwords to work with the rest of the OS X system applications besides mail?
  Thank you!

  Unfortunately, I already tried this several times prior to posting here.  The system won't let me add the same account more than once, and continues to prompt me for a password multiple times for each service.

• 2 Factor Authentication and MacBook Pro

  Hi Guys,
  Is it possible to have a MacBook Pro as a trusted device for two factor authentication?
  I am signed into iCloud and 'Find my Mac' on my MBP, however it is not displaying along side my iPad and iPhone as a potential trusted device.
  Googled about can't find anything confirming?
  Thanks,
  Regards,
  John

  Unfortunately, I already tried this several times prior to posting here.  The system won't let me add the same account more than once, and continues to prompt me for a password multiple times for each service.

• Visual Studio 2013 Community Azure Login Not Working with Two-factor Authentication

  Has anybody had any problems logging in to Azure to publish when using Visual Studio 2013 Community and with two-factor authentication turned on?
  I couldn't log on until I turned off two-factor authentication.
  Regards

  Hello John,
  Thanks for posting here!
  You can try and set a credential helper like
  git-credential-winstore in order to cache your credentials. See if that helps.
  Couple of questions here:
  1) Are you using a MSA account by any chance?
  2) When you turn on two-factor authentication, do you get any error message?
  3) Did you try with different browsers?
  Looking forward to your response!
  Regards,
  Sadiqh

• Scan to Email not working - Invalid Credentials error (using gmail and 2-factor authentication)

  I configured the HP OfficeJet 8600 printer for scan to email using the Embedded Web Server interface. In the Web interface, I added/entered an email address for my gmail account, and set the correct SMTP server details, and entered 465 for the port number. I checked the "Always use secure connection" box, as well as the "SMTP requires authentication for outgoing email messages" box. I entered correct SMTP user ID and password. Yet when I did a test, I got an error "Invalid credentials" After a lot of frustration, and trying all sorts of things, I eventually got the idea to try another email account. This time I tried a different email account, a netzero email account, configured the smtp server details for it etc. And this time when I tested the netzero email address it worked. I tried the scan to email on the printer, and it worked for the Netzero email account. it just didnt work for the gmail account. I had a while back turned on 2-factor authentication. I went to gmail settings and requested an "App password" for my HP printer. Google/gmail displayed a 16 character password, which I then entered into the password box in the HP OfficeJet printer Embedded Web Server interface (instead of my usual password), for the gmail account. And this time when I tested the email account - it worked! Problem solved! .. I share this just in case anyone else is having the same problem I had, and is going through the same frustrating experience I endured!  

  Thank you. This helped TREMENDOUSLY! 

• How do I know if I set up Apple's two factor authentication?

  How can I tell if I ever set up Apple's two factor authentication and should make sure I can find the Recovery Key?

  Hi David,
  You can check to see whether you turned on two-step verification for your Apple ID by seeing if it will allow you to turn it off. Follow the instructions in this article, though you do not actually have to turn it off -
  Apple ID: Turning off two-step verification for your Apple ID - Apple Support
  Read this article for more information on two-step verification, including the Recovery Key -
  Frequently asked questions about two-step verification for Apple ID - Apple Support
  Thanks for using Apple Support Communities.
  Best,
  Brett L 

• Is ASA integration with ISE and RSA for 2 factor authentication a valid/tested design

  Hi,
  Customer currently uses ASA to directly integrate with RSA kind of solution to provide 2 factor authentication mechanism for VPN user access.  We're considering to introduce ISE to this picture, and to offload posture analysis from ASA to ISE.  And the flow we're thinking is to have ASA interface to ISE and ISE interface to RSA and AD backend infrastructure.  And we still need the 2 factor authentication to work, i.e., customer gets a SMS code in addition to its login username and password.  I'm wondering if ASA/ISE/RSA/AD integrated solution (and with 2 factor authentication to work) is a tested solution or Cisco validate design?  Any potential issue may break the flow?
  Thanks in advance for any input!
  Tina

  Hi,
  I have an update for this quite broad question.
  I have now came a bit further on the path.
  Now the needed Radius Access Attribute are available in ISE after adding them in
  "Policy Elements" -> "Dictionaris" -> "System" -> "Radius" -> "Cisco-VPN3000".
  I added both the attribute 146 Tunnel-Group-Name which I realy need to achive what I want(select diffrent OTP-backends depending on Tunnel Group in ASA) and the other new attribute 150 Client-Type which could be intresting to look at as well.
  Here the "Diagnostics Tools" -> "Generel tools" -> "TCP Dump" and Wireshare helped me understand how this worked.
  With that I could really see the attributes in the radius access requests going in to the ASA.
  Now looking at a request in "Radius Authentication details" I have
  Other Attributes:
  ConfigVersionId=29,Device Port=1025,DestinationPort=1812,RadiusPacketType=AccessRequest,Protocol=Radius,CVPN3000/ASA/PIX7.x-Tunnel-Group-Name=SMHI-TG-RA-ISESMS,CVPN3000/ASA/PIX7.x-Client-Type=,CPMSessionID=ac100865000006294FD60A7F,.....
  Ok, the tunnel group name attribute seems to be understood correct, but Client-Type just say =, no value for that.
  That is strange, I must have defined that wrong(?), but lets leave that for now, I do not really need it for the moment being.
  So now when I have this Tunnel-Group-Name attribute available I want to use it in my Rule-Based Authentication Policy.
  Problem now is that as soon as I in an expression add a criteria containing Cisco-VPN3000:CVPN3000/ASA/PIX7.x-Tunnel-Group-Name matches .* (just anything), then that row does not match any more. It still work matching against NAS-IP and other attributes.
  What could it be I have missed?
  Best regards
  /Mattias

• 2 Factor Authentication for Anyconnect VPN using ISE

  We are planning to implement dual factor authentication for Anyconnect VPN.
  The end users will be authenticated using domain name in machine certificates and username password with
  ISE used as radius server.
  We have the following approaches to achieve this :-
  1. Use primary and secondary authentication with user credentials as primary authentication
  and CN field of the certificate as secondary authentication.However this option prompts users for password for
  both the fields while we want the machine certificate to authenticate itself without a password.
  2. Second approach is to authenticate using user credentials and authorize the user to access the network if
  the machine certificate has a domain name in CN field which we are able to validate from the AD using
  Dynamic Access Policy.
  We are looking forward for discussions on the above approaches and are open to any other
  solution.

  Hi Umahar,
  Not sure I understood correct. You would like to authenticate the user using machine certificate for anyconnect and want to extract CN attribute the client's certificate and send it to the ISE server for further authenticate with AD. And also you don't want an additional password prompt to be produced to the user.
  If my understanding is correct. Then user would get a prompt for the password atleast because in the machine certificate there won't be password, but to authenticate with RADIUS/TACACS , we need both username and password. So how will the user gets authenticated without password.
  If you are looking a way to just see if the user is present under AD, not exactly and authentication then this might not be possible.

• What is the best practices to apply two factor authentication on on-premise Exchange 2013 Environment ?

  Hi, Everyone
  i want to know what is the requirements to apply two factor authentication in Exchange 2013, Through Mobile or SMS.
  what is the third party solutions of Microsoft solutions

  Hi,
  If we can deploy Active Directory Federation Services (AD FS) 2.0, it means that Outlook Web App and EAC in Exchange 2013 SP1 can support multifactor authentication methods, such as certificate-based authentication, authentication or security tokens, and
  fingerprint authentication.
  Additional, we can use TMG or Microsoft UAG to deploy MFA, please refer to:
  https://social.technet.microsoft.com/Forums/exchange/en-US/f355ffbd-7d03-45d8-b4b1-987b2db5eadf/is-there-a-way-to-do-two-factor-authentication-with-outlook-web-app-2010?forum=exchangesvrgenerallegacy
  Best Regards,
  Allen Wang

• Network Policy Server Two-factor authentication OTP

  Hello,
  I don't have much knowledge about the Network Policy Server so before digging into this; I would like to know if it offers two-factor authentication. If so, what are the possibilites? I'm looking for a validation based on a one-time password OTP (hardware/software
  token or sms) and  the Active Directory user/pwd.
  Is there anything builtin in the Network Policy Server offering this?
  Thank you!

  Hi,
  NPS supports smart card.
  Two-factor authentication provides improved security because it requires the user to meet two authentication criteria: a user name/password combination and a token or certificate.
  A typical example of two-factor authentication with a certificate is the use of a smart card.
  To use smart cards for remote access authentication, we may do the following:
  Configure remote access on the remote access server.
  Install a computer certificate on the remote access server computer.
  Configure the Smart card or other certificate (TLS) EAP type in remote access policies.
  Enable smart card authentication on the dial-up or VPN connection on the remote access client.
  For detailed information, please refer to the link below,
  Using smart cards for remote access
  http://technet.microsoft.com/en-us/library/cc783310(v=WS.10).aspx
  Best Regards.
  Steven Lee
  TechNet Community Support

• Apple mail and google 2 factor authentication

  I am using 2 factor authentication to connect with gmail. I receive messages without a problem, but when I try to send mail I frequently get a cannot connect error asking for the password to be re-entered. I will then get a new application specific password for gmail and replace the SMTP password. That will work for a day or two, but then it will again fail for sending messages.
  Does anyone know if there are particular problems using 2 factor authentication with gmail and OSX mountain lion mail> Am I missing some setting?
  thanks for any insights.

  I had looked there several times - and it didn't specifically discuss 2 factor authentication - that is why I posted my question. I had followed instructions and continued with problems.
  Yesterday there was a Macworld article posted online about gmail imap. One thing mentioned in the article that is in addition to what is on the google site is that under system preferences there is a mail contacts panel where the gmail password can also be entered.
  I generated a new app specific password and entered it in all three places (sys pref panel, imap server, and smtp server.)
  At this time that seems to be working.
  Will have to see if it sticks.
  Google also had a help item suggesting that if the ask for password dialog pops up when attempting to send mail then get a new app specific password and enter it into that box.
  Hopefully the issue is resolved. will give it a few days to be sure.
  Thanks

• Trouble with iCloud 2 factor authentication in outlook app

  I am using 2 factor authentication on my iCloud account.  I recently downloaded and setup Microsoft's new outlook app on my iPhone and iPad.  I find it very useful for what I like to do.  I added all of my email accounts as well as dropbox and other things with no issue (gmail, outlook, and dropbox have 2 factor enabled as well).  I generated a passcode for iCloud on the 'manage apple ID' site.  I inputted it into the iPhone first and it worked like a charm. Then, however, I did the same thing on my iPad. Initially, I generated a new passcode, and used that for the iPad.  It worked, but then when I used the iPhone I got the message "We are having trouble accessing your account.  Please login again."  And it brings up the window to put in the passcode.  I thought it might work if I used the same password for both the iPad and iPhone but the same thing happens.  As soon as I put a passcode in one the other stops working.
  Some more details in case it is relevant.  I use outlook on the PC as well (also uses generated iCloud passcode), and it is unaffected.  As I said, I use other accounts with 2 factor, and they all work fine on both the iPad and iPhone in the same app.  I am using an iPhone 6 Plus and a 4th Gen iPad, both running iOS 8.1.3.  I am nowhere near the maximum generated app passwords under iCloud.  I am receiving an email each time I generate a passcode and it shows up in my history.  I am giving the passcodes different names.

  Hi,
  You'll have to create an App-specific password to work around this.
  Go to:   https://appleid.apple.com/account/home
  Select: Manage your Apple ID
  Log in with your credentials and if applicable your Verification Code
  Select: Password and Security
  Select: Generate an App-Specific password
  You'll have to give the app a name. You can use the generated password for Outlook. You can use the same password on all of your iDevices that has Outlook for iOS if applicable.
  Have fun
  Lennard

• 2 Factor Authentication YouTube Uploads.

  I have gone to Google and put iMovie in for two factor authentication.  When ever I close down iMovie I have to go back to Google revoke the old one and do it again.
  So here is the question.
  When I put the Authentication code in for Youtube after I create it in Google I am able to upload my video for it logs in.
  When i open iMovie again at another time it says invalid or incorrect username and or password.
  So let me make sure I am doing this right.
  I get the Authentication code from Google.
  I enter it into iMovie for Youtube uploads.
  When I close the app and come back to iMovie and I to use my Youtube password or the Authenication code.

  You've essentially got it right, but I think you're getting confused between the "authentication code" and the "application-specific password".  iMovie won't work with an authentication code, you need to create an "application-specific password" in your Google account, and use that in iMovie. (just to be clear, the "authentication code" is the four-digit code that you get in a text message or on your phone app, after you use your regular password. The "application-specific password" is a special password that completely bypassses 2-factor authentication - it's not as secure, but lets you continue using programs like iMovie that don't work with 2-factor authentication).
  But the problem is that iMovie won't remember your password between restarts, and Google won't show you what the password is after that first time. There are two possible solutions:
  Use "Keychain Access"  (or a program like 1Password) on your Mac to securely store your password, you can then retrieve it from Keychain Access and paste it into iMovie the next time you need it (if iMovie did remember your password, this is where it would be stored anyway. You'll find Keychain Access in your "Utilities" folder).
  Every time you use iMovie, go into your Google Account and "revoke" the old iMovie password, then create a new one to use in iMovie.
  If you go with my 1st suggestion, make sure you always use something like Keychain Access or 1Password to securely store your passwords. Never save it in a text or Word document or a "note taking" app, etc since those are not secure enough for passwords.