Webroot Management Console Update - Email from Chad Bacher

Show first post

26 replies

Userlevel 3
Badge +6
Would it be possible to add the security code or a MFA layer to the agent commands as well, so one has to type a code in before you could submit an agent command? I don’t believe one should disable functionality just because of security concerns, but rather work around it to implement better security with the current functionalities. Reducing functionality is ultimately just giving in to threat actors as they accomplish more than just causing damage, they affect the usability of the product and make life more miserable and inconvenient for MSP's.

I agree that adding an MFA layer to the agent commands would be very effective. I mean if a threat actor has acquired access to your MFA then they have dug pretty deep and its pretty much an all bets off situation.

I like using Duo Authenticator for OTP, but even better, if you could consider implementing Duo Authentication with push authentication, that would be excellent!

I implemented Duo Authenticator as MFA on a web based management system this past weekend. It took a few hours to get the existing login code adjusted to allow for addition of the Duo code.