Securing your Altair SmartWorks Account with Two Factor Authentication
Two-factor authentication (2FA or TFA), often referred to as two-step verification, is a security process in which the user provides two authentication factors to verify they are who they say they are.
- Activating the Two Factor Authentication service in Altair SmartWorks Cpanel
- Authenticating with Google Authenticator
- Possible problems
Two-factor authentication provides an additional layer of security and makes it harder for attackers to gain access to an Altair SmartWorks Cpanel account.
Altair SmartWorks uses the Time-based One-time Password Algorithm (TOTP) to implement two-step verification. TOTP is an algorithm that computes a one-time password from a shared secret key and the current time.
The secret key is obtained by the user when activating the service in Altair SmartWorks Cpanel and is typically stored in password generator software such as Google Authenticator.
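The TOTP computation described above, as an added example that is not Altair SmartWorks code: it follows RFC 6238 with the 30-second step mentioned on this page, while HMAC-SHA1 and 6-digit codes are assumptions about the service's settings, and the secret is a constructed sample. The `verify` function also accepts the adjacent time step, a common way to tolerate small clock differences between the device and the server.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds per code; the 30-second validity described on this page
DIGITS = 6   # assumption: the usual authenticator-app code length

# Constructed sample secret (the RFC 6238 test key), base32 as authenticator apps expect.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()


def decode_secret(secret_b32):
    """Accept the secret as a user types it: spaces, lowercase, missing padding."""
    s = secret_b32.replace(" ", "").upper()
    s += "=" * (-len(s) % 8)
    return base64.b32decode(s)


def hotp(key, counter, digits=DIGITS):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret_b32, now=None):
    """One-time password for the 30-second step that contains `now`."""
    now = time.time() if now is None else now
    return hotp(decode_secret(secret_b32), int(now) // STEP)


def verify(secret_b32, code, now=None, window=1):
    """Check a submitted code against the current step and `window` steps either side."""
    now = time.time() if now is None else now
    key, counter = decode_secret(secret_b32), int(now) // STEP
    ok = False
    for delta in range(-window, window + 1):
        if counter + delta < 0:
            continue
        candidate = hotp(key, counter + delta)
        # Constant-time comparison; no early exit, so timing does not reveal which step matched.
        ok |= hmac.compare_digest(candidate.encode(), code.encode())
    return ok
```

Both sides derive the code from the same secret and clock, which is why a renewed secret must be re-entered in every authenticator app and why a device with a wrong clock produces rejected codes.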
To activate the service you have to update your account settings:
- Account settings
Please check the last option "Two Factor Auth (TFA)". Before the service is activated, you will be prompted to enter a valid one-time password based on the secret token shown. You will also find a QR code to help you save the token in your preferred password generator software.
At this point, you should use password generator software to save your secret token and avoid the complexity of the one-time password calculation!
- Two Factor Authentication activation
Please be careful to save the secret token in a safe place. The loss of this token may cause you to be unable to access your account!
Once a valid one-time password is submitted in the "TFA Check" field, the service will be activated. Please keep in mind that the secret token will never be shown again. It is really important to have saved it in a safe place.
- Two Factor Authentication activated
The token can be renewed at any time... But don't forget to renew it also in the tools you are using to generate the one-time passwords!
Google Authenticator is one of the most commonly used password generators that use the Time-based One-time Password Algorithm (TOTP).
Please install the application on your favorite device. The app is available for both Android and iOS.
The first time you launch the app you will be prompted to add a new account:
- Add your Altair SmartWorks Account
You can add your Altair SmartWorks account manually by entering a description and the secret key provided in the Altair SmartWorks Cpanel. But the easiest way is to scan the QR code provided in the account settings screen that we have seen previously.
Once the code is correctly scanned, the app will automatically show a valid one-time password for your Altair SmartWorks account authentication. Please note that the password is valid for only 30 seconds and will be renewed after it expires.
- One-time password
You can use this password to authenticate yourself in Altair SmartWorks during its validity. Copy and paste the code or be quick typing, you only have 30 seconds!!
The next time you successfully log in to the Altair SmartWorks platform with your "traditional" user and password, you will be prompted to provide a valid one-time password computed from the secret key and the current time.
You can use the password provided by Google Authenticator during its validity. Copy and paste the code or be quick typing, you only have 30 seconds!!
- One-time password verification screen
If you are logging in on a private device, you can check the option "This is a trusted device, remember me" to avoid repeating the 2FA process every time. Be careful not to check this option on a shared device.
Be careful, if you renew your secret token all your trusted devices will be lost.
Please be aware that if you renew the token using the token renewal button of the Altair SmartWorks Cpanel account settings form, you will have to renew it in all the password generation apps in which you have your account saved.
For example: you have Google Authenticator installed on your tablet and your mobile phone and you saved the Altair SmartWorks account credentials on both devices. If you renew the token in Altair SmartWorks Cpanel, you must also renew it on both devices.
To renew the secret token of an account in Google Authenticator, just click on the add account button and rescan the QR code. The secret code of the existing account will be automatically updated (the account will not be duplicated).
I lost the device where I had Google Authenticator configured:
Do you remember the advice to save the secret token in a safe place? Well, at this moment it is of critical importance to have done it!
If you did, there's no problem: reinstall the Google Authenticator app on your new device and manually add a new account. You will be prompted to enter the account name (free text to identify the account) and the secret token that will be stored to calculate the one-time passwords. Finally, leave the Time-based method selected and add your "new / old" account.
- Manually add the account
I checked the option "This is a trusted device" but it won't be anymore:
What happens if you sell your computer or change your mobile phone and you chose the option "This is a trusted device, remember me" during the 2FA verification? You can "untrust" the device directly in the Altair SmartWorks Cpanel update account form:
- Untrust the device