If you, or your organization, need access to high-value or sensitive accounts and records (like banks, emails, customer data, and more) you may be thinking about adding an extra layer of security to supplement usernames and passwords. Time-based one-time password (TOTP) codes are a form of two-factor authentication (2FA) that add an important second layer of security for logins. They work by prompting the user to provide a multi-digit verification code in order to be authenticated. The verification code is typically sent via an SMS text or a 3rd party authenticator app like Google Authenticator. The two-factor authentication code ensures that the person logging in is not being impersonated. The codes may look like this:
Why use them?
Because even the most frequently updated and strongest credentials can still be stolen in a data breach as highlighted all-too-often in the daily news. 2FA is a form of multi-factor authentication (MFA) and it is recommended as a best practice by the US National Institute of Standards & Technology (NIST) to reduce risk.
Please check out our video instructions below:
Why doesn’t everyone use them?
Well, no one wants to slow down or complicate logins, but it can be a necessity. Many users might avoid using them because of the potential hassle factor, but very often an organization will require them for IT security purposes.
The current TOTP two-factor code process is fraught with complexity:
- The user must access another device, or application, then quickly copy and paste, or manually transcribe, the code before it expires.
- If the user needs to share a login credential with others, the inconvenience of setting up two-factor codes is multiplied as every user must refer to that user for the code in order to complete the shared login.
- Verification codes sent via SMS are also known to be vulnerable to a “SIM port hack” that can send the code to a cyber crook.
- Most authenticator apps that store the codes for multiple accounts are actually locked to a specific device. So, if the device is ever lost, the user will have to start all over and reset 2FA on multiple sites…a tedious experience.
To address all of these two-factor code pain points and to promote the use of 2FA, Keeper has developed a fully-integrated security layer that adds two-factor codes directly in vault records. A Keeper user simply adds the two-factor code into the vault record field and then it will automatically be filled when logging in via the Web Vault or Browser Extension.
With Keeper Two-Factor Codes
- There will be no need to fumble with a separate device or authenticator app.
- The user can also share the records with two-factor codes amongst multiple users, significantly simplifying login management for team passwords, such as social media accounts and IT logins.
- Like all Keeper vault records, the codes are encrypted, backed up and securely synced to all of your devices. Even if you lose your device your codes are safe in the Keeper vault and there is no need to reset them all.
It’s simple to add the two-factor code into a record via a scanned quick response (QR) code that is displayed during the setup process on the site. This code contains a “security key” which is used as a basis to generate the TOTP code for logins. It looks like this:
On mobile devices the user can take a camera shot of this code. On desktops, a screenshot of this code is clipped so it can be imported into Keeper. If the QR code is not available, the user can also sign up manually with the secret key code. This will add a two-factor code directly into a record stored securely in the Keeper vault, as seen below:
Once added to a record, a new two-factor code will be generated periodically and be available to fill the site when needed. There is no need to refer to another app or device and then scramble to type in the code while attempting to login. An example of how this looks on an iPhone can been seen below. Below See how the username, password, and two-factor code are all available when needed.
The Keeper Advantage:
Since Keeper is a multi-platform solution, this same two-factor code will be available across multiple devices, including desktop, mobile, and from a variety of web browsers. And it’s all backed up in the Keeper vault, if the user needs to access a secured site from a new device once Keeper is installed the vault record with the two-factor will be there.
Since Keeper already supports sharing records the credentials can be shared easily with anyone who has Keeper. The shared record provides them the same two-factor codes for logging in anytime without needing someone to act as the “key master” to recite the code from their device in order for their associate to login.
The bottom line is that Keeper’s implementation of two-factor capability significantly improves the usability of a best-practice technology that substantially improves cybersecurity for the most important and sensitive accounts. It is possible to have great security and convenience!
For more guidance on how easy it is to set up two-factor codes in your Keeper records refer to our User Guide.