Two-step verification, also known as two-factor authentication (2FA) or multi-factor authentication (MFA), is an optional but highly recommended security feature.
Once enabled, logging into Splashtop will require a six-digit security code in addition to your account's password. The security code will be generated by an authenticator app on your mobile device. (Text messaging is not supported.)
This means that even if someone has guessed or stolen your On-Prem account ID and password, they will not be able to log in to your account and access your computers.
Splashtop On-Prem supports 2-step verification based on TOTP (Time-based One-Time Password algorithm), and it has been verified with the following authenticator apps:
- Google Authenticator (Android/iPhone/BlackBerry)
- Duo Mobile (Android/iPhone)
- Microsoft Authenticator (Android/iPhone/Windows Phone 7)
- Okta Verify (Android/iPhone)
- Other popular TOTP apps
Log in to the management console as Team Owner and go to Management > Settings, where you can specify how and for whom 2-step verification is enforced.
If 2-step verification has been enforced for an account, the user will be required to go through the 2-step verification setup guide to continue using the service, or the following window will pop up when they try to log in to the client app.
To set up 2-step verification for the first time, the user is required to log in to the Gateway using their own account.
Follow the instructions to complete the setup.
Click Next and choose an authenticator app. This guide uses Okta Verify as an example.
A QR code is generated; users need to launch the authenticator app to scan it.
Launch Okta Verify and complete the following steps.
Add account -> Organization -> Scan a QR code -> Done.
The app will then generate a security code. Enter the security code from your authenticator app to finish pairing.
Click Copy or Save codes to proceed to the next step.
Two-step verification is now enabled. Users can now log in to Splashtop on a new device!
Step 3: Log in to the console or client app with 2-sv enabled
Users will be required to enter the one-time passcode when 2-sv is enabled and set up. If the Team Owner has allowed trust device, users can check "trust this device" for convenience.
Figure. 2-sv passcode input dialog on On-Prem app
Figure. 2-sv passcode input dialog on web console
1. Why does my 2-sv passcode always fail?
Because TOTP is time- and clock-based authentication, an obvious system clock difference, such as more than 30 seconds, may cause the 2-sv passcode to be rejected. Please make sure your Gateway and authentication device have synchronized system time.
2. What if I lose my cell phone and forget my recovery code?
Please contact your Team Admin to reset your 2FA settings if recovery codes are lost.
The procedure for an administrator to reset 2FA is as follows:
- Log in to the Gateway as administrator
- Go to Management -> users -> Setting -> Configure 2-step verification
- Disable 2FA
- The user can then set up 2FA again.