Integrating Authy with Secret Server
Secret Server supports soft tokens and mobile authenticator applications (Authy is one such application) that implement the Time-Based One-Time Password (TOTP) algorithm defined in RFC 6238. Requiring a short-lived, one-time code at login strengthens the protection of the privileged accounts and sensitive information stored in Secret Server and mitigates the risks of authenticating with a username and password alone.
The integration works as follows:
- TOTP Algorithm: TOTP (RFC 6238) combines a shared secret key with the current time, divided into fixed time steps, to produce a short numeric code that changes every step. Because the code is derived from the time step rather than a counter, the server and the authenticator app only need to share the secret and have reasonably synchronized clocks. The code serves as a second authentication factor in addition to the user's password.
- Soft Tokens and Mobile Applications: Secret Server accepts any soft token or mobile application that implements RFC 6238, such as Authy, installed on a smartphone, tablet, or other device. The application holds the shared secret and generates the current one-time code for the user.
- Configuration: Administrators enable and configure TOTP authentication within Secret Server. Settings cover the properties of the codes themselves, such as their length and validity period (RFC 6238 defaults to six digits and a 30-second time step), and the maximum number of failed login attempts allowed before the account is locked.
- User Enrollment: Once TOTP authentication is enabled, each user enrolls a soft token or mobile application with Secret Server, typically by scanning a QR code or manually entering the secret key that Secret Server displays. This installs the shared secret on the user's device and links that device to the user's Secret Server account. Treat the enrollment secret as a credential: anyone who captures the QR code or key can generate valid codes for that user.
- Authentication Process: When logging in to Secret Server, the user is prompted for the TOTP code in addition to the regular username and password. The user opens the soft token or mobile application, which calculates and displays the current code from the shared secret and the current time, and enters that code into the login form to complete authentication.
- Enhanced Security: Each code is valid only for its time step, so a code captured in transit, from a screenshot, or by a keylogger is useless shortly afterwards and cannot be reused. Note that TOTP alone does not stop a phishing site that relays a freshly entered code to Secret Server in real time, so it complements, rather than replaces, careful handling of credentials.