How it works
What is Two-Factor Authentication?
Two-factor authentication (2FA / MFA) is a security mechanism that provides an extra level of protection for online accounts. 2-factor authentication involves using an additional factor, such as a smartphone or a hardware OTP token, to confirm the user’s identity.
Through the requirement of this additional factor, unauthorized individuals are prevented from accessing the account, even if the password has been breached. This provides enhanced security and mitigates the danger of unsanctioned account access.
How Does Two-Factor Authentication Work?
- The user submits the password.
- The user provides the one-time code from the hardware OTP token or phone.
- The one-time code is sent through the API to Protectimus.
- Protectimus verifies the one-time code in real time, and your application instantly receives a positive or a negative response.
- If both passwords are correct, the user is granted access to their account.
What Is the Purpose of Using Two-Factor Authentication?
With the increase in online threats such as phishing, social engineering, hacking, and identity theft, relying on passwords alone is no longer sufficient to safeguard confidential data. Attackers often obtain passwords through theft, guessing, or other hacking techniques without the user being aware.
This is where two-factor authentication comes in. 2FA adds an extra level of protection, making it much more difficult for unauthorized individuals to gain access to an account even if passwords are compromised. One-time passwords used as a second layer of protection are unique and valid for only a short period, typically 30 seconds.
Moreover, if you use 2FA chatbots in messaging apps, push, email, or SMS as the second authentication factor, users are immediately notified on their phone if an unauthorized login attempt is detected.
What 2-Factor Authentication Methods Do We Support?
We offer several authentication methods, giving you the option to choose the most convenient and reliable for your users.
See the Tokens section for more information.
- iOS 2FA application Protectimus SMART OTP;
- Android 2FA application Protectimus SMART OTP;
- Programmable hardware OTP tokens Protectimus SLIM and Protectimus FLEX;
- Classic hardware OTP tokens Protectimus TWO;
- Chatbots in messaging apps Messenger, Telegram, and Viber;
- SMS authentication;
- Email authentication;
- Push notifications.
What Authentication Algorithms Do We Use?
The Protectimus two-factor authentication solution supports all standard Initiative for Open Authentication (OATH) algorithms – HOTP, TOTP, and OCRA. As a coordinating member of the Initiative for Open Authentication and by leveraging OATH standards, we ensure our MFA solution is open, secure, and easy to use.
- HOTP (HMAC-based One-Time Password) is an event-based algorithm that generates one-time passcodes based on a secret key and a counter.
- TOTP (Time-based One-Time Password) generates OTP codes based on a secret key and the current time. The TOTP password is valid only for a short period, typically 30 seconds, and a new password is generated automatically after that period.
- OCRA (OATH Challenge-Response Algorithm) is an algorithm that combines a challenge (a randomly generated value) and a secret key to generate a one-time password. This algorithm is highly versatile and is used for login authentication and transaction verification. The Protectimus Confirm What You See (CWYS) feature is based on the OCRA algorithm. CWYS function allows verifying and signing data and transactions.
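The following is an added example, not Protectimus code: a minimal HOTP (RFC 4226) and TOTP (RFC 6238) implementation showing how the counter- and time-based codes described above are derived from the shared secret, plus the server-side verification step from the "How Does Two-Factor Authentication Work?" flow. The secret, window and look-ahead values are the RFC test-vector secret and assumed example settings.

```python
import hashlib
import hmac
import struct

# ASCII secret from the RFC 4226 / RFC 6238 test vectors (constructed input).
RFC_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """HOTP: HMAC(secret, 8-byte big-endian counter), dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F                      # low nibble of last byte selects a 4-byte window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)   # keep leading zeros


def totp(secret: bytes, timestamp: int, step: int = 30, digits: int = 6, algo=hashlib.sha1) -> str:
    """TOTP is HOTP where the counter is the number of elapsed time steps (30 s by default)."""
    return hotp(secret, int(timestamp) // step, digits, algo)


def verify_totp(secret: bytes, candidate: str, timestamp: int, step: int = 30,
                digits: int = 6, window: int = 1) -> bool:
    """Server-side check: accept the current step and +/- `window` steps to absorb clock drift.
    compare_digest keeps the comparison constant-time."""
    counter = int(timestamp) // step
    return any(
        hmac.compare_digest(hotp(secret, counter + d, digits), candidate)
        for d in range(-window, window + 1)
    )


def verify_hotp(secret: bytes, candidate: str, last_counter: int,
                look_ahead: int = 10, digits: int = 6):
    """Event-based check: only counters *after* the last accepted one are valid, so a
    previously used code is rejected (replay protection). Returns the new counter to
    persist, or None if the code does not match within the look-ahead window."""
    for c in range(last_counter + 1, last_counter + 1 + look_ahead):
        if hmac.compare_digest(hotp(secret, c, digits), candidate):
            return c
    return None


if __name__ == "__main__":
    print("HOTP counter 0:", hotp(RFC_SECRET, 0))              # 755224 per RFC 4226
    print("TOTP at T=59 (8 digits):", totp(RFC_SECRET, 59, digits=8))  # 94287082 per RFC 6238
    print("verify drift +1 step:", verify_totp(RFC_SECRET, "94287082", 89, digits=8))
```

The assertions in the accompanying test use the published RFC test vectors, so a mismatch indicates a truncation or byte-order bug rather than a bad secret.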
How Do I Set It Up?
- Register for the Protectimus Cloud Service, or download and install the Protectimus On-Prem Platform.
- Activate the API in one click.
- Add users, or synchronize the Protectimus 2FA system with AD/LDAP.
- Enroll tokens and assign them to users.
- Integrate Protectimus into your infrastructure through existing plugins, libraries for major programming languages, or the well-documented API.
Find more information in the Integrations and Guides sections.
Knowledge Base
How do I set up two-factor authentication in Roundcube?
To begin setting up two-factor authentication for the Roundcube client, download the Protectimus 2FA plugin for Roundcube from GitHub and install it; the plugin setup instructions are in the official plugin repository for Roundcube Webmail. After installing the Roundcube 2-factor authentication plugin, register with the Protectimus service and create a resource, a user, and a token. Then assign the user and token to the resource.
Why do I need two-factor authentication in Roundcube?
Most services use email for changing passwords and restoring access to accounts. That means that reliable email access protection — and in this case, that means Roundcube authentication security — is fundamental to IT security in general. Even if you use a secure password, that password could be intercepted by a keylogger, brute-forced, or obtained using phishing or social engineering. Two-factor authentication adds an extra level of Roundcube brute force protection — one-time passwords are valid for 30 to 60 seconds. They can’t be guessed or collected, and they’re difficult or impossible to intercept.
Why is Protectimus the best Roundcube 2FA plugin?
Two-factor authentication protects Roundcube from keyloggers and brute-force attacks. It also guards against phishing and social engineering attacks, and data signing functionality protects against man-in-the-middle attacks. Roundcube just can’t be secure without a verified multi-factor authentication plugin for Roundcube. The Roundcube MFA plugin from Protectimus lets you configure multifactor authentication for Roundcube in just a few minutes. Features available in Protectimus’s solution include geographic and time-based filters, self-service, CWYS data signing, user environment analysis, and a broad assortment of 2FA tokens to choose from.
What Roundcube two-factor authentication method should I choose?
The Protectimus multi-factor authentication plugin for Roundcube supports hardware OTP tokens with hard-coded secret keys, the reflashable Protectimus Slim NFC hardware token, the Protectimus Smart 2FA app for iOS and Android, email, and SMS authentication. Roundcube two-factor authentication methods also include delivery of one-time passwords over Telegram, Viber, and Facebook Messenger. Hardware tokens are the most reliable OTP tokens: these tokens cannot be infected by viruses, and intercepting one-time passwords from them is impossible. Messaging service chatbots are both convenient and secure; however, we don’t recommend SMS-based authentication.
How to secure Roundcube?
When setting up the Roundcube Webmail client, make sure that all the basic security rules have been taken into account: the connection between Roundcube and the mail server is protected with an SSL certificate, email encryption is set up, and a 2-factor authentication plugin for Roundcube Webmail is installed. With the Protectimus Roundcube OTP Plugin, adding two-factor authentication to Roundcube takes just a few clicks.