MFA Configuration
Last updated
Was this helpful?
Connectware 1.8.0
Last updated
Was this helpful?
To enable multi-factor authentication (MFA), you must set up certain configurations..
In systems that involve user authentication and data protection, encryption and salting mechanisms are critical to ensure that user authentication processes are both secure and trustworthy.
Secret: A secret key used for encryption.
Salt: A random value to enhance security.
These elements strengthen the MFA process to ensure a secure and reliable user authentication.
The following parameters are available for configuring MFA in Connectware.
CYBUS_MFA_ENABLED
Enables the MFA feature when set to true. Disables MFA when set to false.
CYBUS_MFA_ENCRYPTION_SECRET
The key used for MFA encryption.
CYBUS_MFA_ENCRYPTION_SALT
Additional random element used in the MFA encryption process.
CYBUS_MFA_MAX_INVALID_OTPS_PER_USER
Optional: Specifies the maximum number of incorrect OTPs a user can input during MFA login before their account is temporarily deactivated.
CYBUS_MFA_BAN_DURATION_MINUTES
Optional: Defines the duration (in minutes) of temporary account deactivation after multiple failed OTP attempts during MFA login.
Keep in mind that the combination of CYBUS_MFA_ENCRYPTION_SECRET and CYBUS_MFA_ENCRYPTION_SALT ensures the cryptographic robustness of 2FA tokens, making them both safe and distinct. If these values are compromised, it would expose the system to potential unauthorized access and breaches. By modifying these values, previously generated 2FA secrets became undecipherable. As a consequence, users with 2FA enabled would be unable to log in anymore.
Example configuration: