Two-factor authentication

From Telcred documentation

Introduction to two-factor authentication

Authentication is all about establishing that someone is who they claim to be. Most online services authenticate users using only username and password. This is called one-factor authentication (something you know, i.e. the password). Two-factor authentication, instead, is typically based on something you know and something you have. In Telcred's case the second factor is a small device called a Yubikey from the company Yubico.

There are other variants of two-factor authentication, e.g. something you have and something you are (e.g. fingerprint, retina scan). It is also common to combine a password with a one-time password sent through SMS. In this case it could be debated whether it really is two factors, and the security of sending codes through SMS has also been criticized.

Using Yubikey OTP with Telcred

Yubikeys exist in several different variants. Most of them support Yubikey OTP, but check before buying. The Yubikey is inserted into a USB slot and appears as a keyboard to the computer. When triggered by touching it, it generates a string of 44 characters. The first 12 characters are always the same and linked to the user ID, while the following 32 characters constitute the one-time password.

When creating or editing an officer in Telcred Access Manager, place the cursor in the field Hardware OTP and trigger the Yubikey. Then click Save.


OTP for an officer


There is no need to strip away the one-time part of the code; the system does this automatically.


OTP static part


From now on, the system will require a valid one-time password at every login for this officer. At login, simply enter the username and password first, and then trigger the Yubikey with the cursor placed in the Hardware OTP field.


OTP login
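
The 44-character format described above (a 12-character static part followed by a 32-character one-time part) can be split and pre-checked as in the following added example. It is not Telcred's code: the function names and the sample token are constructed for illustration, and the cryptographic verification of the one-time part is not shown.

```python
MODHEX = "cbdefghijklnrtuv"  # Yubico "modhex" alphabet, stands for hex 0-f
ID_LEN = 12                  # static part, per the description above
OTP_LEN = 32                 # one-time part
_TO_HEX = str.maketrans(MODHEX, "0123456789abcdef")

# Constructed sample token (not output from a real key).
SAMPLE = "ccccccbdefgh" + "ijklnrtuvcbdefghijklnrtuvcbdefgh"


def split_yubikey_otp(raw: str) -> tuple[str, str]:
    """Return (static_part, one_time_part) or raise ValueError."""
    token = raw.strip().lower()  # tolerate trailing newline / Caps Lock
    if len(token) != ID_LEN + OTP_LEN:
        raise ValueError(f"expected {ID_LEN + OTP_LEN} characters, got {len(token)}")
    if any(ch not in MODHEX for ch in token):
        # Typical causes: typed text, or a keyboard layout that remaps keys.
        raise ValueError("token contains non-modhex characters")
    return token[:ID_LEN], token[ID_LEN:]


def modhex_to_hex(value: str) -> str:
    """Decode modhex to ordinary hex, e.g. for logging the static part."""
    return value.translate(_TO_HEX)


def enroll(raw: str) -> str:
    """Enrollment: keep only the static part; the one-time part is dropped."""
    static_part, _ = split_yubikey_otp(raw)
    return static_part


def matches_enrolled_key(enrolled: str, raw: str) -> bool:
    """Login pre-check: is this token from the key enrolled for the officer?

    This only compares the static part. The one-time part must still be
    verified cryptographically before the login is accepted.
    """
    try:
        static_part, _ = split_yubikey_otp(raw)
    except ValueError:
        return False
    return static_part == enrolled


if __name__ == "__main__":
    print(enroll(SAMPLE), modhex_to_hex(enroll(SAMPLE)))
```
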