Complete

Add two-factor authentication to Webroot SecureAnywhere console login (RSA dongle)


Userlevel 7
Please integrate 2-factor authentication into Webroot SecureAnywhere online console for home and bussines users. Most people are familiar with this as an RSA dongle or something like the WoW Authenticator. https://us.battle.net/support/en/article/battle-net-authenticator-faq. The security lies in that logging in requires something you know (your password) and something you must HAVE (a physical thingy).
 
However, what most people don't know is that companies don't need to make their own special authentication dongle. There are drop-in, generic retail dongles that work across mutliple services.  Customer can buy their own dongles, Webroot doesn't need to provide or sell them. For example, the Yubikey http://www.yubico.com/.
 


 
Webroot's password toolbar service is actually a rebranded LastPass service, which already supports the Yubikey.
http://helpdesk.lastpass.com/security-options/yubikey-authentication/. Part of your product is actually already two-factor enabled.
 
As a "security company," Webroot should be pushing hard for 2-factor authentication.
 
And it's a very attractive feature for business customers. Webroot's console is cloud-hosted so you are already removing the additional VPN access factor for companies to administer your product. Adding two factor is a good idea.

This topic has been closed for comments

21 replies

Userlevel 7
I partly agree. I think it's good idea for business applications, i.e. WSA Endpoint where I see the value of such multisteps authentication but not  for home users. So I would give this idea a half of Kudos but because it's not possible I am giving the whole one Kudos ;)
Userlevel 7
I completely agree with Pegas... I understand Explanoit's situation as an Endpoint Administrator, but I do not need this function for myself.  OK, I will give another 1/2 Kudo as well!  
 
I think this is something that if it has not been posted in the business forums probably should be.  You might receive more feedback and support over there as it is more of an issue to the Endpoint users/admins.
Userlevel 7
I agree that this looks more like a Business request and Explanoit is a business customer, so we'll move it over to Feature Requests.
Userlevel 7
However, I do not believe that two-factor authentication should be considered a business-only feature anymore.
 
See what Twitter is doing:
https:///t5/Security-Industry-News/Twitter-Looking-to-Beef-up-Security/m-p/24848
 
 
Regards,
explanoit
Userlevel 6
Agree, 2FA is kind of "must have" for any cloud service.
 
When you are thinking about 2FA seriously, please contact me to provide you with the most secure and less expensive mobile token solution. We successfully deployed this with severals banks already.
 
BR,
Gyozo
Userlevel 5
Badge +12
We are considering two factor authentication processes, but I do not anticipate we would use Yubi key. Instead we would offer a trustpass system via email or SMS.
Userlevel 7
I can login to the WSA console 10 times a day, SMS based codes wouldn't be fun for my phone plan. And if someone has compromised me so severely as to have access to the WSA password I'm concerned they may have my email, as well.
 
I recognize I'm an edge case but I wanted to put this out there.
Userlevel 6
Why would you spend money for SMSs?!
 
I can suggest better solution, just let's do it in private if you were interested.
Would it be possible to use Google Authenticator for the 2nd authentication factor?  I currently use this for Google Apps, LastPass and Facebook and it works really well.  It works on both iPhone and Android.
https://code.google.com/p/google-authenticator/
Userlevel 7
:@
https://twitter.com/Webroot/status/393796055298736128
Userlevel 7
Badge +56
Userlevel 3
Totally agree with the need for 2FA on the business endpoint product - in fact without 2FA console security is reduced. In the absence of 2FA/pending its introduction remove the more powerful agent commands eg download and run.
 
My preference would be authenticator app or failing that SMS - I would much rather be inconvenienced by SMS' than accept reduced security in accessing the console
 
Rocky
Userlevel 3
Heartbleed/OpenSSL flaw - Another reason for full two factor authentication on console sign-in
 
Rocky
Userlevel 7
Just yesterday I sent an email to Webroot already lamenting the fact that this feature still doesn't exist and that it's completely unacceptable.
This needs done ASAP to meet higher security requirements of today's standards such as HIPPA for business!
Userlevel 6
Badge +27
I think adding 2FA is a great idea. Supporting the Yubikey would be awesome
Userlevel 6
Badge +27
Our company uses a combination of Yubikey and Google Authenticator to log into sensitive sites and we think that adding another layer to the GSM logon screen would be a good idea. I currently love the custom 6Digit prompt after the password, but adding the ability to use my Yubikey would be great.
 Given the nature of what you can do in the portal this should kinda be a big deal and not that hard to implement given the maturity of the likes of Google Authenticator etc.
Another vote for working with Google Authenticator or some sort of OAuth service. 
 
FWIW, Sophos already offer this and a one time pass code via text message. 
Userlevel 7
Badge +35
We are reviewing all feature requests - switching status to get it into the appropriate queue.
Userlevel 7
Badge +35
This is a duplicate feature request and has been closed.  Please https://community.webroot.com/t5/Feature-Requests/Add-Google-Authenticator-two-factor-authentication-to-Webroot/idi-p/274391 .

Cookie policy

We use cookies to enhance and personalize your experience. If you accept or continue browsing you agree to our cookie policy. Learn more about our cookies.

Accept cookies Cookie settings