Setup 2-step verification, as known as multi-factor authentication (mfa)

Two-step verification, also known as 2-factor authentication or 2FA, or Multi-factor authentication (mfa) is an optional but highly recommended security feature.

Once enabled, logging into Splashtop will require an additional six-digit security code, in addition to your account's password. The security code will be generated by an authenticator app on your mobile device. (Text messaging is not supported.)

This means, even if someone has guessed or stolen your On-Prem account ID and password, he or she will not be able to log into your account and access your computers.

Splashtop On-Prem support TOTP (Time-based One-Time Password algorithm) based 2 step verification, and verified with the following authenticator apps: 

Setup Guide

 Step 1

Login to management console as Team Owner, and go to Management > Settings, you can specify how and whom the 2-step verification should be enforced. 

11.PNG

If an account has been enforced to enable 2-step verification, he/she will be required to pass through the 2-step verification setup guide to continue using the service, or it will pop up the following window when they try to log in to the client app.

1.PNG

Step 2

To set up the 2-step verification account for the first time, the user is required to log in to the Gateway using his/her own account.

12.PNG

Follow the instructions to complete the setup.

13.PNG

Click Start.

14.PNG

Click Next and choose one Authenticator app.  Take Okta Verify as an example.

15.PNG

It would generate a QR code, users need to launch the authenticator app to scan it.

16.PNG

Launch the okta Verify and complete the following steps.

Add account -> Organization -> Scan a QR code -> Done.

22.png

 

23.png

24.png

It will generate the security code on your app. Enter the security code from your authenticator app to finish pairing. 

 

25.png

18.PNG

Click Copy or Save codes to proceed to the next step.

19.PNG

Now, we have finished enabling two-step Verification. Users can login to Splashtop on a new device now! 

20.PNG

 

Step 3  Login console or Client app with 2-sv enabled

Users will be required to enter the one-time passcode when 2-sv is enabled and setup. If Team Owner has allowed trust device , users can check trust this device as the convenience. 

21.PNG

Figure. 2-sv passcode input dialog on On-Prem app

2sv3.png

Figure. 2-sv passcode input dialog on web console

 

Q&A

 

1. Why I always can't pass 2-sv passcode?

For TOTP is time and clock based authentication, if there are obvious system clock difference, like more than 30 seconds, you may encounter error to pass 2-sv passcode. please make sure your Gateway and authentication device has synchronized system time. 

 

2. What if I lost my cell phone and forget my recovery code ?

Please contact your Team Admin to reset your 2FA settings if recovery codes are lost.

The following is the procedure of resetting 2FA for administrator:

  1. Login to gateway as administrator
  2. Go to Management ->users -> Setting -> Configure 2-step verification3.png
  3.  Disable 2FA4.png
  4.  User could set up 2FA again.

 

 

 

 

2 out of 3 found this helpful