As we announced when we released our 2.3 version, Soffid now supports LinOTP. As we briefly explained in our 2.3 version release announcement, LinOTP is a Linux based solution to manage multi factor authentication with one time password devices. But what does this mean for Soffid’s users?
LinOTP is an open source authentication server, as you know we are all about OS.
Over the years, and even more so in recent years, it has become apparent that protecting our employees and customers details from possible hacker attacks it’s crucial. Attacks have become more regular and across all sectors. In order to protect our customers and company’s data the industry has had to get creative, a password it’s just not enough any more and that’s where OTP comes in, as the name suggests (One Time Password) these are passwords that can only be used once, they may be a PIN sent via SMS or a series of numbers on a security token, etc. Once upon a time this type of security level was only used in banks or organisations where security was a top priority, however nowadays we see all kinds of companies interested and wanting to use extra layers of security. We realised this was a pressing need for our current and prospective customers, so we had to do something about it.
We looked at different alternatives, what could we offer our customers and prospective customers? And we found LinOTP, an OS Linux based OTP with modular architecture that matched our needs, our customer’s needs and our OS philosophy perfectly. So when we developed our version 2.3 including LinOTP among the new features was a must.
Soffid’s users can now configure Soffid’s console to request the user to authenticate using a second factor authentication. Our users can now have that extra level of protection and be reassured of the added security.
A user will still authenticate using user name and password, however when trying to perform some specific tasks, a new level of authentication will be requested, this authentication will be active for a set time, once the set time has expired, a new authentication will need to be requested to perform the task. The administrator will decide which pages or services need to be protected by this OTP.