If you're looking to increase security at your office or community, you might consider enabling two-factor authentication. Two-factor authentication, or 2FA, is the practice of requiring users to utilize multiple forms of identification when trying to access data or a physical space. In access control, the goal is to confirm the user's identity to ensure intruders do not gain access to your property. Two-factor authentication may be a great option if your property has materials and assets that need extra protection.
In today’s day and age, security threats are everywhere. To keep trouble at bay, two-factor authentication is becoming more commonplace. It’s likely you may already utilize two-factor authentication in your everyday life, perhaps with your bank account. When logging into your account, you’re required to enter your username and password. Once you submit that, your bank may then require you to enter a one-time pin code that they text directly to your personal cell phone. By adding this extra step to the login process, the bank is attempting to double-check and confirm your identity. While 2FA isn't a perfect system and there are ways to bypass it, it does generally provide a greater level of safety and security for all involved.
There are 3 types of authentication factors that a user can utilize in order to verify identity. They include:
- Physical Factors: This is something the user is in possession of, such as a physical key card or a mobile device.
- Knowledge Factors: This is something the user knows, such as a password or a pin code.
- Inherent Factors: This is something that is essentially a part of the user, such as a fingerprint or eye iris.
If you were to enable 2FA with Genea, users would be required to use both their credential (something they are in possession of) and a special pin code (something they know) in order to gain access to any 2FA enabled areas. You will also need to issue all users pin codes.
IMPORTANT NOTE: If you would like to utilize 2FA at your office or community, you will need to install RPK40 readers at all necessary access points. Unlike RP10, RP15, and RP40 readers, RPK40’s include a pin pad. If you would like to utilize RPK40 readers, reach out to firstname.lastname@example.org to discuss ordering the hardware and organizing installation.
HOW TO ENABLE TWO-FACTOR AUTHENTICATION
If you have installed RPK40 readers at your office, you are ready to enable two-factor authentication. Follow the steps below in order to configure your reader.
1) Navigate to the 'Hardware' section in your Genea admin web portal. Find the specific reader on which you would like to enable 2FA and click the 'Edit' button.
2) Under the reader's 'Details' section, click the 'Edit' button to edit the reader settings.
3) Locate the 'Access Method' section. Under this section you will have 3 options to choose from: Card only, Card and PIN, and Card or PIN. Depending upon what method you choose, your reader will behave differently.
Card only: If you select 'Card only,' your reader will only grant access to users when they've scanned a valid mobile key or physical key card. A PIN will not be necessary.
Card and PIN: When 'Card and PIN' is selected, the reader will be enabled for two-factor authentication. This means that when a user is attempting to gain access to your property, they will need to present both their credential and their PIN code. IMPORTANT NOTE: If you select 'Card and PIN' for a reader that is not an RPK40, the reader will not grant access to anyone who attempts to enter. It will also not log the access attempt in your activity log. This is because the reader will be awaiting a PIN code in order to determine if the user should be granted access. When the PIN is not entered, it will not consider the access attempt to be complete and will therefore not log the event. For this reason, if you are using an RP10, RP15, or RP40, please select 'Card only' as the access mode.
Card or PIN: When 'Card or PIN' is selected, user's can choose to use either their Card or their PIN to gain access to your property. They will not have to use both in order to verify their identity.
4) Once you have selected the appropriate access method, press the 'Save' button to save all changes.
If necessary you can exempt certain users from the 2A process. Learn how to create exemptions here.
ENTERING A PIN CODE ON A RPK40
If you've enabled 2FA and/or have given users the option to utilize a PIN code on any of your property RPK40s, they will need to know how to enter their code in order to gain access.
At this time by default, users will be required to press the '#' button after entering their PIN in order for their PIN to be accepted by the reader. The only time the '#' will not be required is if the PIN code is 8 digits long.
If your system is enabled for 2FA, after swiping his or her credential a user will have 15 seconds in order to successfully enter their PIN code. If the user does not successfully enter their PIN within that 15 second timeframe, they will be required to re-scan their credential before trying to enter their pin again.
If your reader is configured for 'Card and PIN' and a user enters an incorrect PIN, they will be denied access and a 'Deny Access - Wrong PIN' event will be logged in your system activity log.
If your reader is configured for 'Card or PIN' and a user enters an incorrect PIN, they will be denied access and a 'Deny Access - Card/PIN Not Found' event will be logged in your system activity log.
If you would like to learn more about how to enable two-factor authentication at your office or community, please send inquiries to email@example.com.