Two-Factor Authentication (2FA)

Two-factor authentication (2FA) is a security procedure where the user, besides the password, must provide a second authentication factor in LIBSAFE. This second factor depends on the type selected for this authentication; in this case, we have the OTP (One-Time Pin) method available.

This authentication method requires that an external tool (e.g., FreeOTP) takes care of generating the one-time pin to access LIBSAFE. Said pin is only valid for 30 seconds, after which time it will not be valid any longer and we will have to create a new one.

To generate said pin, the external tool we use will need a series of general parameters and a secret individual key for each user. The general parameters are the following:

• Type: time-based (TOTP)

• Interval : 30 seconds

• Digits : 6

• Algorithm : SHA1

The secret key can be generated by LIBSAFE in the user creation / edition, in the Security options section (once “Yes” is selected to activate the Two-Factor Authentication), by clicking on the Generate random key button. It can also be introduced by the systems administrator, as long as the following conditions are met:

• It must have an exact length of 16 characters

• It must be a Base32 alphanumeric sequence (it only takes capital letters A-Z and numbers in the 2-7 range).

When it comes to user creation / editing with the two-factor authentication access activated, we must make sure that the user receives the general parameters for the pin generation, with the external tool, as well as the secret key. Otherwise, the user will have no chance to access LIBSAFE.

LIBSAFE limits the insertion and editing of certain data from users to systems administrators, to avoid the entry of fake administrative information which could lead to data theft or illegal impersonation. The internal procedures of the company or institution using LIBSAFE will have to take care of the verification of said data and its management by LIBSAFE’s systems administrator.