Now with Google Authenticator: How to double protect yourself during login
With update 8.11 it is now possible to use a second factor for login via Password Safe. How this works and why you do not need a Google Authenticator App for this …
There are scenarios that even Password Safe cannot protect against … Or maybe it can? It happened: An employee copied his password from Password Safe and stored it unnoticed in an insecure place. Now a hacker robbed it. What now? Will the attacker kick in the door to the account? Not with Password Safe. The password is useless in the hands of the hacker as he still lacks the one-time password. And this is – extra secure – not readable from the employee’s smartphone but directly located in Password Safe! Let us explain how you can achieve double protection with the two-factor authentication in Version 8.11!
What is a One-Time-Password (OTP)?
A One-Time-Password – in short: OTP – is a password that is only valid once for authentication or authorization. It can therefore not be used a second time. The OTP consists of a 6-digit numerical code and is regularly reset to a new value.
How does two-factor authentication via OTP work in Password Safe?
With Update 8.11, an additional form field for the One-Time-Password was set up, which can now be added when the form is created or simply added to existing forms. To configure this field, you need the secret key of the target application or website. This key is displayed in the application either as a QR Code or as a letter-number combination when the Authenticator App is activated.
Now simply enter this combination in Password Safe.
If necessary, you may also have to enter an OTP in the target application to establish the connection to Password Safe final.
This is it! You have just successfully configured Google Authenticator for the target application in Password Safe. From now on a new one-time password will be generated in Password Safe every 30 seconds – no Google Authenticator App needed! From now on the Authenticator will generate new 6-digit numerical codes every 30 seconds.
Now all the necessary information about the 2FA is stored centrally in one place – Password Safe. And you can easily access it with all clients – including add-on – without any problems.