How can we improve the DocuWare Client?

Multi-factor login authentication as a security option

It would be nice to be able to have a multi-factor login authentication as a security option. We have users who work in DocuWare while they are on the road and it would be nice to toggle this feature on/off per user as an extra layer of security.

44 votes
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Anonymous shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    10 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Nate Howland commented  ·   ·  Flag as inappropriate

        Many companies that assist with GDPR compliance list two-factor authentication for web apps as a "must have" best practice.

      • Nigel commented  ·   ·  Flag as inappropriate

        Please implement this solution so that customers and admins are more secure. Without it, and without a proper password policy, people can login infinitely with the user/admin credentials. This is unsecure.

        With TOTP/OTP/2FA solution people need the username, password and temporary code to login. This is way more secure.

      • Louis Marascio commented  ·   ·  Flag as inappropriate

        This is a big gap in functionality in today's security environment. 2FA is a must have for any system that holds sensitive information.

      • Hal Hamilton commented  ·   ·  Flag as inappropriate

        We have several clients that are already using two factor authentication and are wanting that ability with DocuWare on-premise and cloud. We are also hearing from other clients that they too need to adapt to two factor authentication due to the material and information that their Fortis/DocuWare systems are handling such as SS#, HIPAA information, FERPA, etc. This needs to be added to the road map as soon as possible.

      • Cory Van Dyke commented  ·   ·  Flag as inappropriate

        Organizations that store SSN/credit card info must adhere to PCI standards/compliance. Taken from PCI security document "Implement two-factor authentication for all remote network access that originates from outside the network, by employees, administrators, and third parties including vendor access for support or maintenance. Examples of two-factor technologies include remote authentication and dial-in service (RADIUS) with tokens; terminal access controller access control system (TACACS) with tokens; or other technologies that facilitate two-factor authentication. Using one factor twice (e.g. using two separate passwords) is not considered two-factor authentication."

      Feedback and Knowledge Base