Forum / Remote Desktop Manager - Feature Request

User switchable Two-Factor Authentication

  • Create an Issue
  • Cancel

I have an issue where we are using Google Auth but if a user leaves their phone at home accidentally, or if it goes flat, that user cannot log in or do any work unless they ring me and I log in and change their method from Google Auth to E-Mail. This is very problematic as our business is 24/7 and around the globe and I get phone calls at all hours. Because of this I have had to turn off two-factor authentication.

I would like to see an option for the USER to change their method themselves. They load the application and it asks them for their Google Auth code but it gives them an option to "use another authentication method" and when they click on that they are given options as set by Admin.

Here is an example of how Sophos does it, which works brilliantly.

image image

http://imgur.com/lCWCPHQ
http://imgur.com/7ER4Ydt

Clock2 yrs

Thank you for the suggestion. We are planing to add the One time passcode soon. This will be a list of code that you can generate for your user and use once. This could be a good workaround if you loose you phone.

Regards

David Hervieux

signaturesignature

Clock2 yrs

Hi David,

Thanks for the reply.

I don't think a one time passcode is a valid solution as it still requires the user to contact the admin. We have 150 staff, in six different countries around the world, so I would need to be available 24/7 to take phone calls to generate a code.

As per the Sophos example, it would be better if the USER was given the option to use an alternative method of authentication. On the screen that asks for the Google Auth code it should just have a link saying "use alternative method". It would then list the other valid methods, such as email, and the user could select that, receive the email and enter the code.

The critical component here is that the admin should be able to choose multiple methods and allow the USER to choose which one to use without any Administrator input.

Stuart

Clock2 yrs

Hi,
It's not exactly that. Each user will be able to generate her one time pass code and he will be the only one with the list. Those pass code are not saved in the database. This means that once it generated, it's impossible to retreive the list. They will need to print or save the information. Anyway I will enter a feature request for the switchable 2FA.

Regards

David Hervieux

signaturesignature

Clock2 yrs