January 6, 2015

Three Ways to Enhance Your SoftLayer Portal Account Security


We’ve recently discussed how to craft strong passwords and offered advice on choosing a password manager, but we haven’t yet touched on multi-factor authentication (MFA), which has been available to our customers for many years now.

What is MFA?
MFA is another line of defense for securing your user accounts within the customer portal. The concept behind MFA is simple: Users present two (or more) ways to authenticate themselves: something known, such as a user name and password, and something possessed, such as a one-time password generated by a device or software application.
Why is MFA important?
Keeping passwords secure has always been a moving target. While you can train staff and enforce complex password policies, it’s difficult to prevent users from writing passwords down, saving them to files, or sharing them with others. With MFA added, simply having a user password doesn't grant access to the resource. A user will need the user password in addition to an MFA token device, smartphone, or application.
What MFA options are available at SoftLayer?
SoftLayer offers three MFA methods to enhance portal account security:
Symantec Validation and ID Protection (VIP) – A smartphone app that generates a one-time password when opened. This product can be used to securely access the SoftLayer portal. The app is $3 a month per user.

PhoneFactor – A unique system where a one-time password is texted to a mobile phone. Users also have the option of receiving a phone call to input a PIN before receiving a one-time password. This can be used to access the portal as well as the SoftLayer SSL VPN. PhoneFactor costs $10 a month per user.

Google Authenticator – Another smartphone application that generates one-time passwords and can also be used to securely access the SoftLayer portal. This can be added for any user on an account free of charge.

Quickly Add MFA to SoftLayer Portal Users Today
It’s easy to add any of these MFA services to portal user accounts.

To add Symantec VIP or PhoneFactor:
  1. Log in to the SoftLayer portal as the master user.
  2. Under the Account tab, click on Users.
  3. In the right-hand column for each user, click the Actions icon and select Add External Authentication. You’ll then be able to subscribe to Symantec or PhoneFactor for that user.
To add Google Authenticator:
  1. Log in to the SoftLayer portal as the master user.
  2. From the Accounts dropdown menu, select Users and then select your user account name.
  3. Scroll down and click the link to Add Google Authenticator to your account.
  4. From there, just snap the QR code with your GA application and you’re all set. The next time you log in you’ll be prompted to enter your authentication code after entering your username and password.
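
What the QR enrollment and login prompt above rely on, as an added example that is not SoftLayer's code: Google Authenticator implements TOTP (RFC 6238), the QR code carries an otpauth:// URI holding a shared secret, and the server recomputes the code at login. The sample URI (built from the RFC 6238 test secret), the one-step drift window and the replay check are assumptions for illustration, not documented portal behaviour.

```python
import base64, hashlib, hmac, struct
from urllib.parse import urlparse, parse_qs

# Constructed sample: what an enrollment QR code decodes to. The secret is the
# RFC 6238 test key "12345678901234567890" in base32; names are placeholders.
SAMPLE_URI = ("otpauth://totp/ExamplePortal:user1"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=ExamplePortal")

def secret_from_uri(uri):
    """Extract the shared secret from an otpauth:// provisioning URI."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not a TOTP provisioning URI")
    secret = parse_qs(parsed.query)["secret"][0].upper()
    secret += "=" * (-len(secret) % 8)  # authenticator URIs omit base32 padding
    return base64.b32decode(secret)

def hotp(key, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(key, unix_time, step=30, digits=6):
    """RFC 6238: HOTP where the counter is the number of elapsed time steps."""
    return hotp(key, int(unix_time) // step, digits)

class TotpVerifier:
    """Server side (assumed policy): allow +/- `window` steps of clock drift
    and refuse any code at or before the last accepted time step."""
    def __init__(self, key, window=1, step=30):
        self.key, self.window, self.step = key, window, step
        self.last_counter = -1

    def verify(self, code, unix_time):
        now = int(unix_time) // self.step
        for counter in range(now - self.window, now + self.window + 1):
            if counter <= self.last_counter:
                continue  # already used or older: replay protection
            expected = hotp(self.key, counter).encode()
            if hmac.compare_digest(expected, code.encode()):
                self.last_counter = counter
                return True
        return False
```

Anyone who obtains the secret in the QR code can generate valid codes, so the enrollment screen deserves the same care as the password itself.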

All three of these MFA solutions are easy to set up and quick to install, and any of them will help ensure that your portal user accounts are secure. Feel free to reach out if you have any suggestions or questions about MFA with SoftLayer.

- Seth

Comments

January 6th, 2015 at 5:37pm

When enabling MFA, it disables API access for that user. What do you recommend in that scenario?

January 7th, 2015 at 5:24pm

Hi Chris, Great question. MFA flags a user to require more than just a password to authenticate. Since the API key is essentially a password, adding MFA to your API user would not work. A good practice is to build an API user with the least amount of permissions for your API calls, and reserve MFA for users that are actually logging in to the portal or VPN. Thanks for the question, Seth

January 12th, 2015 at 6:27am

How can we enable 2-factor authentication for the SoftLayer VPN access, as this is something we want to ensure is secure?
 

January 29th, 2015 at 7:25am

There needs to be a way to print backup codes for the 2FA. If one misplaces the OTP device (such as a phone), there's no way in.
 

      
