This KB article shows you steps by steps how to enable/disable the "2-Factor Authentication" on your Talk2M Pro account via eCatcher.
- Talk2M PRO
- All Ewon Cosy / Flexy devices
The requirements to discover the adventure behind this article are:
- Talk2M Pro account
- eCatcher on your computer
IN THIS ARTICLE
You can combine your Talk2M Pro account with 2-factor authentication - 2FA - which adds an extra layer of security for account access.
This provides unambiguous user identification by means of the combination of two different components, which are generally something that the user knows and something that he possesses (or that is inseparable from him).
When it comes to eCatcher and M2Web connections, the second authentication factor will involve the mobile phone of the user, on which an SMS or text message that contains a dynamic one-time authorization passcode consisting of 4 digits will be sent.
To do this, we will follow the 4 general steps below:
STEP 1: LOG INTO THE ACCOUNT
STEP 2: CONFIGURATION TWO-FACTOR AUTHENTICATION
A- For Talk2M Pro account
To configure the 2-factor authentication - 2FA settings for your Talk2M Pro account in eCatcher:
- Select first "Account" button.
- In "Security Policy" session, select "Modify 2-Factor Authentication policy".
- A pop-up appears, there to edit the 2-Factor Authentication policy.
--> Account > Security Policy > Modify 2-Factor authentication policy...
B- For a particular user
You can activate and configure the two-factor authentication settings for each user of your Talk2M account.
To do that:
- Select "Users" button.
- From the "users" session in eCatcher.
- Select an appropriate user inside the user list and click on "Properties" to open the properties window.
- In "Security" session, select "Enable Two-Factor Authentication".
--> Users > Properties > Security > Enable Two-factor authentication...
The following pop-ups appear:
Here you can decide either to encode the mobile phone number of the user or let the user encode and validate his phone number on next login.
A security code is sent to verify the validity of the phone number.
A backup phone number (different from the first one) can be added for any user.
This option is required to activate the Two-factor authentication for a user with Administrator rights.
A security code is sent to verify the validity of the backup phone number.
The Two-factor authentication is now enabled.
STEP 3: SMS RECEPTION FAIL
In step 2/4 and 4/4 during a configuration of 2-factor authentication, if for some reason the user did not receive the text message, he can click on the “resend the SMS” link.
The user can then decide to resend the text message to the same phone number (the mobile number encoded for the user) or to the backup phone number, that was also encoded for the same user, in case the first mobile phone is not accessible, was lost or is damaged. So it is strongly recommended to encode a backup mobile phone number for each user..
- Note -
For users with administrator rights, it is a requirement to encode the backup mobile phone number.
STEP 4: REMEMBER MY PC
The “Remember this PC” option of two-factor authentication is controlled by the Account’s Security Policy.
If the Standard Policy is selected, the “Remember this PC” option is allowed and never expires.
“Remember this PC” is not allowed under the Enforced Policy.
The “Remember this PC” option allows eCatcher to use the PC of the user instead of the text message for the second authentication factor.
During the two-factor authentication login, the user can check the “Remember this PC” option when he writes the passcode received on his mobile phone.
This will allow him to log in the next time from this PC by entering only the username and password.
The passcode reception by text message is not required anymore, as his PC (a physical object only he possesses) is now the second authentication component.
- Important -
Do NOT use the “Remember this PC” option, if you are not connected using your own PC or tablet.
The Administrator of the Talk2M account can decide if the “Remember this PC” option is authorized or not for the Talk2M account.
The expiration time of the “Remember this PC” can also be configured. It can for example be set to 30 days. This means that the user will need to use, at least every month, the passcode received by text message as a second authentication component.
- Note -
A revoke feature exists for the “Remember this PC” option. An administrator of the account can revoke all “Remember this PC” authorizations of a user.
This means that the user will need to use once again the text message as a second authentication component on the next logon.