Verifalia is committed to the sustained improvement of Security standards. Data is our business and keeping that data secure is our #1 priority: that’s why we introduced MFA (Multi-factor Authentication) on our master accounts.
What is MFA?
MFA stands for multi-factor authentication. It is a security feature available to Verifalia Enterprise or higher accounts which allows to use a Time-Based One-Time Password (TOTP) device (like, for example, your smartphone) to authenticate.
In fact, authentication in multi-factor authentication with Verifalia is a method of proving you are who you say you are, simply usingboth these two methods for access:
- a password
- (plus) a token
How does MFA improve the security of my account?
Controlling access is paramount and Multi-factor authentication gives you an added layer of security around your Verifalia account. Multi-factor authentication’s most important feature is exactly what makes it so secure: multiple requirements for access make it extremely difficult for “somebody else” to break into your account.
How can I use MFA?
First of all: you don’t need any new physical device to get you token. You can easily manage the whole process with a common device-generated token in addition to your user's credentials (email address and password): usually your smartphone is ok!
Do you need a tutorial-like example? Here we are, let’s look at MFA to login into a Verifalia account with the Google Authenticator app.
Go to your Play Store or Apple Store and download the app “Google Authenticator”; after that sign into you Google account and start protecting your account!
Log into your Verifalia dashboard and click on “Account security settings”, the button displayed just below your Account ID.
You will be redirected to the page which allows you to set Verifalia’s Multi-factor authentication and displays the following description:
Time-Based One-Time Password (TOTP)
A Time-based One-time Password Algorithm (TOTP) is an algorithm that computes a one-time password from a shared secret key and the current time, used to provide an additional layer of security to sign-ins. Essentially, both the server and the client compute the time-limited token, then the server checks if the token supplied by the client matches the locally generated token.
Please note that Multi-Factor Authentication is not yet supported in our developers API: meanwhile, this user will always need a browser to sign in, after Multi-Factor Authentication is enforced.
By clicking on “Enroll” you can start this security process... be sure to have your Google Authenticator ready!
Please remember that in order to associate your token to more than one device, you should need to save your QR code or - better yet - your security key in a safe place!
To complete the enrollment you could either scan the QR code or enter your secret key. Choose the way you are more comfortable with and in just a few seconds you will have your new Verifalia account on Google Authenticator with your temporary one-time token shown!
Once the enrollment is complete, you can go back to your dashboard and enforce Verifalia’s Multi-Factor Authentication and click on “Save”.
Congratulations: your Verifalia MFA is now ready!
The final step you could do is to logout and then login your Verifalia account straightaway to test the MFA.
What if I need to Unenroll my MFA or I need more details?
Well, unenrolling is quite easy after login: from your dashboard, go back to “Account security settings” and click on “Unenroll”.
This is just a brief overview of our MFA security measure... if you need any further details, do not hesitate to contact us!