Two-factor user authentication, 2FA, MFA

To increase the security, we recommend requiring the two-factor authentication at least for users with higher privileges.

You can activate two-factor authentication either in the Human Resources agenda in the 3 Web application account tab, or via the User Menu - Settings, by adding one of the supported 2FA methods.

Yubikey OTP

Yubikey Security Keys are authentication hardware tokens for multi-factor authentication, providing secure login to computers, servers, VPN or applications via PC or mobile device.

  • They are a more secure and convenient alternative to two-factor authentication using SMS.
  • Logging in requires the physical presence of the token and manual interaction in the form of pressing a YubiKey button.
  • It works without the need to install software or drivers, as it behaves like a regular keyboard (USB HID).

The GIRITON web application offers two-factor login using the Yubikey OTP protocol, which is supported by most of the Yubikey hardware token types.

During the two-factor login using Yubikey OTP, just insert the Yubikey key into the USB port and touch the button on your Yubikey.

TOTP with Google Authenticator, Authy, ...

You save the login to the given service (in this case the web application Giriton) using a QR code into the authentication application on the mobile phone (such as Google Authenticator, Microsoft Authenticator, Authy and many others). During the two-factor login, you then write down a six-digit code from your mobile phone (which changes every 30 seconds) into the login dialog.

SMS

To activate the two-factor authentication using SMS, you need to activate the SMS sending module. After activating this module, users can also add their phone number as a 2FA method.