With so many employees working from home, organizations are looking for ways to enhance the security of their data, often spread between on-premises and cloud data stores, without compromising employee productivity. For enterprises using the Enterprise File Fabric™ , activating Two Factor Authentication (2FA) is an easy way to improve information security with minimum disruption for end users.
The File Fabric’s 2FA feature is managed by administrators from the Security tab of the Policies page.
Here the administrator can select one of three different types of 2FA:
When the Email option is selected, each time users want to log in to their File Fabric account they will have to provide a one-time password (OTP) that has been emailed to them using the address that is registered with their File Fabric account. These OTPs are generated at the time the login is attempted and they cannot be reused. The Email option is the simplest of the three for users because it does not require them to do any setup.
The Phrase option is similar in some ways to a second password. Each user is responsible for establishing a phrase and saving it in the File Fabric and users can change their 2FA phrases whenever they choose. 2FA phrases differ, however, from conventional File Fabric passwords in two important ways:
- If a user forgets his password he can get a link to create a new password by clicking a button on the login screen. This is a self service process. If the user forgets the 2FA phrase he/she will have to ask the File Fabric administrator to intervene. This gives the organization an extra degree of control over restoration of access.
- Many organizations have delegated File Fabric authentication to an enterprise authentication system such as Active Directory or LDAP or a SAML based system. In the event that the enterprise authentication system is compromised, users’ passwords may no longer be secure. Because the File Fabric’s 2FA phrases are not stored in the enterprise authentication system, users’ File Fabric accounts will remain secure in the event of such a breach.
Like the Email option, the Google Authenticator option also relies on OTPs. In this case though, users generate one time passwords themselves using an application provided by Google that runs on their mobile devices. When this option has been selected by the administrator, users must use Google Authenticator to capture a QR code from the File Fabric before they can log in for the first time.
Once 2FA has been activated for an account, the second factor must be provided on every login regardless of the client program that is being used. This includes the browser based File Manger, our Windows and Mac desktop tool sets, and the mobile client applications that we provide for iOS and Android phones and tablets.
The File Fabric’s two factor authentication system is available on all File Fabric editions, works across the 60+ storage solutions that the File Fabric supports, and is provided at no additional cost to all business customers. Activating it is a simple way to improve protection of enterprise data. We recommend that every organization that is managing sensitive information with the File Fabric take advantage of this simple yet powerful security feature.by