2 Factor Authentication for Global Site Manager?


Userlevel 2
Badge +9
Are there plans to add 2 factor authentication to the SecureAnywhere Global Site Manager (GSM)?  Even if it's just a code via SMS or Email, that would suffice.  The secondary password is good, but feels inadequate.

6 replies

Userlevel 6
Badge +27
Hey @bbarnes
 
Short answer is yes, there's plans for 2FA through things like SMS/Yubikey etc...
 
John
Nerds On Site
Badge +3
Hi, is there any schedule for 2FA, and is it going to be Google/MS authenticator application compatible?
 
As a new customer this was quite surprising, that the Global Site Manager is behind a "Security Code" instead of proper 2FA.
 
All current systems that I'm administrating, are 2FA'd with MS Authenticator app. These range from cloud to on-prem, O365 to NAS systems to RMM's etc., so for a security product this should be the very top of development priority.
 
Otherwise very happy with the product so far.
Badge +1
This has been 2 years and I'm suprised this has still not been implemented. The fact that the secondary password is actually stored in plain text (so you can prove the letters are correct makes it even more worrying.
Seeing Webroot also posting on their blog 2 years ago at https://www.webroot.com/blog/2017/11/07/two-factor-authentication/ about enabling 2factor is also rather ironic.

Any update on this?
Userlevel 7
Badge +31
Hi all,

Based on the feedback we have received from customers, we are looking to integrate with existing 2FA providers rather than implement our own mechanism.

We are still open to input on this , so please do post away as to what you'd like to us to do .


Regards

Jonathan Giffard
Senior Product Manager
Badge +1
Thanks Jonathan - I would agree that rolling your own is a waste of your time. As far as I'm concerned, I would not force users down any particular 2FA endpoint - we should be able to use any 2FA authenticator app on the phone whether it's google, duo, microsoft, authy etc - all we would need is the 6 digit otp. Push notification would be a plus in the ease of use but I would not imagine that to be a must have.
There are lots of search results for "add google authenticator code to website" and as this is a standard you wouldn't be tying anyone down to any one particular authenticator app.

I would hope that there are no admins using Webroot who do not have a 2FA app on their phone already for all the other administration tasks they do, so I don't think this is too much of an onerous task -especially for a security company.
Badge +1
JGiffard wrote:

Based on the feedback we have received from customers, we are looking to integrate with existing 2FA providers rather than implement our own mechanism.

We are still open to input on this , so please do post away as to what you'd like to us to do .



Agreed - it makes no sense producing your own. There are lots of existing 2FA providers out there with straightforward integration options as @helsby mentioned previously.

Please prioritise this issue. It's preventing us selling Webroot into certain companies due to security requirements (MFA everywhere).

Reply

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept or continue browsing you agree to our cookie policy. Learn more about our cookies.

    Accept cookies Cookie settings