https://support.telcred.com/documentation/index.php?action=history&feed=atom&title=Two-factor_authenticationTwo-factor authentication - Revision history2026-04-06T14:54:44ZRevision history for this page on the wikiMediaWiki 1.39.1https://support.telcred.com/documentation/index.php?title=Two-factor_authentication&diff=31&oldid=prevTelcredstaff: Created page with "== Introduction to two-factor authentication == Authentication is all about establishing that someone is who they claim to be. Most online services authenticate users using o..."2018-03-27T11:34:45Z<p>Created page with "== Introduction to two-factor authentication == Authentication is all about establishing that someone is who they claim to be. Most online services authenticate users using o..."</p>
<p><b>New page</b></p><div>== Introduction to two-factor authentication ==<br />
<br />
Authentication is all about establishing that someone is who they claim to be. Most online services authenticate users using only username and password. This is called one-factor authentication (something you know, i.e. the password). Two-factor authentication, instead, is typically based on something you know and something you have. In Telcred's case the second factor is a small device called a Yubikey from the company [https://www.yubico.com/ Yubico].<br />
<br />
There are other variants of two-factor authentication, e.g. something you have and something you are (e.g. fingerprint, retina scan). It is also common to combine a password with a one-time-password sent through SMS. In this case it could be debated whether it really is two factors and, also, the security of sending codes through SMS based has been criticized.<br />
<br />
== Using Yubikey OTP with Telcred ==<br />
<br />
Yubikeys exist in [https://www.yubico.com/products/yubikey-hardware/ several different variants]. Most of them support Yubikey OTP, but check before buying. The Yubikey is inserted into a USB slot and appears as a keyboard to the computer. When triggered by touching it, it generates a string of 44 characters. The first 12 characters are always the same and linked to the user ID, while the following 32 characters constitute the one-time-password.<br />
<br />
When creating or editing an officer in Telcred Access Manager, place the cursor in the field ''Hardware OTP'' and trigger the Yubikey. Then click ''Save''. <br />
<br />
<br />
[[File:otp_officer1.png|OTP for an officer]]<br />
<br />
<br />
There is no need to strip away the one-time-part of the code, the system does this automatically. <br />
<br />
<br />
[[File:otp_officer2.png|OTP static part]]<br />
<br />
<br />
From now on, the system will require a valid one-time password at every login for this officer. At login, simply enter the username and password first, and then trigger the Yubikey with the cursor placed in the ''Hardware OTP'' field. <br />
<br />
<br />
[[File:otp_login.png|OTP login]]</div>Telcredstaff