Multi-factor login authentication as a security option
It would be nice to be able to have a multi-factor login authentication as a security option. We have users who work in DocuWare while they are on the road and it would be nice to toggle this feature on/off per user as an extra layer of security.
Thank you for your idea. We added it to our collection of ideas and features and will further investigate it. We currently cannot say exactly when this idea will be implemented. As soon as we have more information we will update its status.
Henrique Goncalves commented
Any updates for implementation on 2FA/MFA?
Nate Howland commented
Many companies that assist with GDPR compliance list two-factor authentication for web apps as a "must have" best practice.
Kim Anthony LUna commented
I agree. Clients have been asking about 2 factor authentication for increased security.
2FA seems like a must to me, especially with the Cloud environment.
Not only nice, also important regarding GDPR!
Please implement this solution so that customers and admins are more secure. Without it, and without a proper password policy, people can login infinitely with the user/admin credentials. This is unsecure.
With TOTP/OTP/2FA solution people need the username, password and temporary code to login. This is way more secure.
Louis Marascio commented
This is a big gap in functionality in today's security environment. 2FA is a must have for any system that holds sensitive information.
Hal Hamilton commented
We have several clients that are already using two factor authentication and are wanting that ability with DocuWare on-premise and cloud. We are also hearing from other clients that they too need to adapt to two factor authentication due to the material and information that their Fortis/DocuWare systems are handling such as SS#, HIPAA information, FERPA, etc. This needs to be added to the road map as soon as possible.
DELFORGE Clément commented
needed onPremise too.
Cory Van Dyke commented
Organizations that store SSN/credit card info must adhere to PCI standards/compliance. Taken from PCI security document "Implement two-factor authentication for all remote network access that originates from outside the network, by employees, administrators, and third parties including vendor access for support or maintenance. Examples of two-factor technologies include remote authentication and dial-in service (RADIUS) with tokens; terminal access controller access control system (TACACS) with tokens; or other technologies that facilitate two-factor authentication. Using one factor twice (e.g. using two separate passwords) is not considered two-factor authentication."