Ashur Kanoon

-August 24, 2016

Google Authenticator enables free, time-based one time passwords (TOTP) on Pulse Connect Secure

Multi-factor authentication is nothing new and it’s not limited to high tech. For example, think of how one accesses a bank safety deposit box. First, you show your government-issued identification to a bank employee. Your identity is compared to what is in the system and authenticated. Second, a unique physical key, that only you have, needs to be used to actually open the safety deposit box. Other methods such as biometric scans and combination locks can also be used to add factors of authentication.

Similarly, access to networking or computing resources, can be protected by multi-factor authentication. Secondary methods that are not time-based or one time can be more easily compromised. The most commonly deployed method is to use something constant and known, along with something that changes frequently. The username and password credential combo is usually the first factor — the something constant and known, while tokens are the latter.

Enter Google Authenticator, a free application from Google which is built into Pulse Connect Secure (PCS) 8.2R5. This means that time-based one time passwords (TOTP) can be enabled in minutes. Better yet, it’s free and doesn’t require any additional licenses to enable.

For end-users, the official Google Authenticator app is available for Android, iOS, and Blackberry, while there are several third party implementations for other platforms including Windows, Mac, and Linux. The simply end-user logs in to PCS with their credentials and registers their app via QR code – this only takes seconds. Once their app is registered, it will start generating codes.

In summary, free, time-based one time passwords (TOTP) is now available on Pulse Connect Secure so invest the few minutes and enhance the security of your organization.