You can make your Egnyte account even more secure by using Two-step Login Verification. Two-step Login Verification (TSLV) requires a third piece of information (in addition to your username and password) in order to log in.
Egnyte has partnered with Duo Security, a leader in two-factor authentication, to secure your account with TSLV. If you have a smartphone, the Duo Mobile app’s “Duo Push” feature is a convenient way to grant access to your Egnyte account right from your smartphone.
Egnyte has provided you four different options to verify your login; this article will walk you through each one after providing instructions for initial TSLV set-up. The last section will address administration features available to users who are Egnyte domain administrators.
Opting In and Setting Up TSLV
1. If your account administrator has not made TSLV mandatory, you can opt into the feature by selecting the “My Profile" option in the upper right-hand corner of the screen.
2. Select the toggle next to "Two-step login verification” and click “Save” at the bottom of the screen.
3. You will be automatically logged out of your account. Enter your username and password again, and you will see this screen. Choose "Start Setup."
4. You will be asked to specify a device type on which you will receive your TSLV "challenge". We recommend that you receive your challenge on your mobile phone.
5. Enter your mobile phone's number in the resulting screen. Follow the on-screen instructions to double-check that you are using the correct number. It is very important that you enter the correct phone number here.
6. Select your phone's operating system.
7. Based on the OS you chose in the preceding step, you'll receive instructions about how to get the Duo Mobile app (it's free). Once you have installed the app, select the "I have Duo Mobile installed" option and proceed.
8. The next step requires you to use the Duo-Mobile app to scan a QR code that displays on your computer screen.
9. Once you've scanned the QR code, Duo-mobile will take care of the rest.
After successfully enrolling your device for Two Step Login Verification, it's time to decide how you want to receive TSLV "challenges".
Receiving Challenges via SMS
1. Check the "Passcode" option and click the "Send SMS passcodes" link.
2. You will receive a series of ten passcodes in a text message. Each code begins with a certain number. Enter the code which is specified in the user interface. In the example below, you would enter a code which begins with the number 1.
3. If you have entered the passcode correctly, you will be granted access to your Egnyte account.
Receiving Challenges via Phone Call
1. Select the “Phone call” option and click “Log in.”
2. You will receive an automated phone call that will prompt you to press any key on your phone to proceed. Once you’ve done this, you’ll be automatically logged in.
Receiving Challenges via Duo Push
1. Pick the Duo Push option and choose "Log in".
2. You can approve the login request by opening the Duo Mobile application; approving the request will allow you to access your account.
Administrators of accounts which have purchased the Advanced Authentication Package can mandate the use of Two-step Login Verification for their users. This option can be found in the “File Server Configuration” section of the “Settings” panel. Your users will be required to configure TSLV upon their next login.
Note that it’s possible to limit which users are required to use TSLV: you can require this feature for all of your users or limit it to Power and Admin users. If you apply this feature to a class of users, every user of that type will need to use TSLV. You cannot grant exceptions.
You can also require TSLV for individual users by selecting the “Enable two-step login verification” checkbox when you edit a user in the “Users and Groups” menu.
Resetting a User's TSLV Settings
If a user loses the phone with which they have configured TSLV, needs to change the mobile or landline phone number associated with their TSLV settings, or wishes to install Duo Mobile after skipping the appropriate install steps, you can reset their account’s TSLV by going to their user details screen and selecting the "Reset" option next to Two-Step Login Verification.
Even if you do not mandate TSLV, individual users in your Egnyte domain will still be able to opt in to the feature. If you mandate TSLV, but subsequently toggle the feature off, users who previously opted in on their own accord will still have TSLV enabled.
Enabling the "Remember Me" and "Trusted Networks" Capabilities
This level of security provided by TSLV may not always be necessary. For example, you might not want to require login verification every time you log into Egnyte from your work computer, but would want to require this when logging on from a computer in a hotel business center. Accordingly, we’ve provided a “Remember Device” setting that allows users to defer the requirement to verify their login for a certain device for an admin-specified time period.
Account admins will need to enable this capability from the “Configuration” → “Security” → “Two-step Login Verification” section screen. Once you’ve turned the setting on then you can set the duration of time for which devices can be remembered.
We’ve also made it possible for account admins to enter one or more IP addresses or IP address ranges in a “Trusted Networks” field. Users logging into Egnyte from these IPs will not need to verify their login. You can enter individual IP addresses or ranges of IP addresses (including those indicated with CIDR Notation), but be sure to separate each address or range with a comma.