2FA with Google Authenticator pops up unnecessarily

avatar

Hi,

When using RDM the Google Authenticator pops up after my computer resumes from standby and I try to open a connection. Below the popup, the connection is still opening, however, and even if I cancel out of the pop up I can still use the connection.

Probably has something to do with the TCP connection being reset and RDM trying to refresh from the server (and using the unrefreshed data in the meantime).

From a functional perspective, this behavior is really silly. If from a security perspective I need to enter my 2FA again, I can get that, but then it shouldn't use old data in the background. It should behave more like a website where I log in once when I start the browser and then get a session cookie that I can reuse with a TCP reset.

And to make things functionally even less logical, when I do a 'normal refresh' (e.g. File -> Refresh) RDM doesn't need me to reauthenticate but after a standby-resume I do.

And to make matters worse, now I get my customers commenting that this 2FA isn't safe at all (because they saw this behavior in a demo) :-(.

Can you please fix this? :)

Bas
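The session model the post above asks for, as an added example that is not part of the original thread and is not Devolutions code: the 2FA result is bound to a server-issued session token rather than to the TCP connection, and cached data is withheld when a required re-authentication is cancelled. `SessionStore`, `Client`, `open_entry` and the sample entry are hypothetical names and constructed data.

```python
# Added illustration; all names are hypothetical, not RDM or DVLS code.
import secrets
import time


class SessionStore:
    """Server side: sessions are keyed by token, not by TCP connection."""

    def __init__(self, ttl_seconds, clock=time.monotonic):
        self.ttl = ttl_seconds
        self.clock = clock
        self._sessions = {}  # token -> expiry time

    def login(self, password_ok, totp_ok):
        # A token is issued only after both factors have passed.
        if not (password_ok and totp_ok):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[token] = self.clock() + self.ttl
        return token

    def is_valid(self, token):
        expiry = self._sessions.get(token)
        if expiry is None or self.clock() >= expiry:
            self._sessions.pop(token, None)  # drop expired or unknown token
            return False
        return True


class Client:
    """Client side: cached entries are released only under a valid session."""

    def __init__(self, store):
        self.store = store
        self.token = None
        self.cache = {"server01": "rdp://server01.example"}  # constructed data

    def open_entry(self, name, prompt_2fa):
        # Called after any reconnect, e.g. resume from standby.
        # prompt_2fa() returns True for a correct code, False if cancelled.
        if not self.store.is_valid(self.token):
            # Session gone: re-authenticate (stored password assumed correct),
            # and fail closed if the 2FA prompt is cancelled.
            self.token = self.store.login(True, prompt_2fa())
            if self.token is None:
                raise PermissionError("2FA not completed; cached data withheld")
        return self.cache[name]
```
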

All Comments (12)

avatar

Hello,

What version of RDM are you using?

What data source type are you connected to?

Best regards,

Érica Poirier

avatar

RDM 12.0.8.0 connected to (only) a DVLS server (4.0.7.0).

I am using the (newer) server side 2FA, not the (older) one configurable in the client.

avatar

Hello,

Is RDM configured with values different from the default settings in File - Options - Security?



Best regards,

Érica Poirier

avatar

Yes, all is default.

avatar

Hello,

We have been able to reproduce this behavior in a different manner but with the same conclusion.

A ticket has been submitted to our engineering department.

Best regards,

Érica Poirier

avatar

Hello,

The solution to this issue is to set one or more options in the Lock section of File - Options - Security. With one of these options activated, if you cancel the 2FA prompt, RDM will not open.


It is possible to set these options in Administration - Data Source Settings - General - Security. This way, the options are set by your DVLS instance and sent to the clients. The users will not be able to disable these options in RDM.



Best regards,

Érica Poirier

avatar

I can see how this would 'fix' the issue. I have two problems with this:
1. I'd rather have it not ask in the first place as I don't see the added security
2. This is dependent on the client settings, so not a nice solution, as it's hard to control client settings for all workstations of all employees in the company

2 -> this is the reason we waited for server side 2FA to become available before using 2FA at all and to get a DVLS server license (instead of SQL)...

avatar

Just to be sure I understand, you would like RDM to close all the opened connections when the 2FA is cancelled or wrong?

Regards

David Hervieux

avatar

No, that wouldn't really help as the connection has already been made at that point.

My preference would be not to ask for 2FA at that point as I don't see any added security value (nor any other good reason) to ask for 2FA again.

Bas

avatar

I think I understand the problem. Thank you very much. We will work on a fix for that quickly.

Regards

David Hervieux

avatar

Hello,

We have been able to reproduce the issue exactly as you get it. This will help the engineering department to resolve it.

Thank you very much for your patience and for your explanations on this issue.

Best regards,

Érica Poirier

avatar

Hi,
I have made a fix. This will be available in the next beta.

Regards

David Hervieux