trackSpace 2-Factor Authentication

What is a 2-Factor Authentication ?

A 2-Factor Authentication (2FA) describes an authentication process (login procedure) in which the user needs to have two things (factors) to successfully login in to an application:

  1. Knowledge

  2. Device

"Knowledge" in this context refers to the usual login credentials, the username and the password.

"Device" refers to an additional device that the user needs to complete the login. An example for the latter would be a mobile phone to which an SMS is sent with a PIN number that then needs to be entered in the application to complete the login.

Why are you introducing 2FA ?

Information security and data privacy has become more and more important over the last years. News about data breaches and security vulnerabilities are increasing and application providers are reacting by hardening their platforms better.

So are we. Your data and information is valuable to you and us and we are adding this additional level of security to protect it better.

When will 2FA be activated ?

We will activate 2FA for trackSpace and docSpace on 2020-10-29 at about 09:00 CET.

What does this mean for me as a trackSpace/docSpace user ?

Once we activate the 2FA for the trackSpace Suite (trackSpace and docSpace), your login will require the second factor, a mobile device that supports one of the common authentications apps like the Google Authenticator or the Microsoft Authenticator.

trackSpace and docSpace are two different applications from a security point of view, thus, each one requires a second factor when authenticating. You only need to enter each one once for a session.

You will need:

  • a mobile device (or computer) with Internet connection

  • an authenticator app installed on the device

What app do I need on my device ?

Any TOTP compliant software can be used to create a PIN based on your personal secret key. Which one is suitable in your environment depends on your work device management. Please contact your administrator to learn which software you can use.

Here are the most common products:

Apple iPhone/iPad

Apple Watch

Google Android

Windows Phone

Windows PC/Laptop

Blackberry

Authy

images/s/-tu1lu0/8401/008d09724398b50e93468e30a239d4f6d750af9b/_/images/icons/emoticons/check.svg

images/s/-tu1lu0/8401/008d09724398b50e93468e30a239d4f6d750af9b/_/images/icons/emoticons/check.svg

images/s/-tu1lu0/8401/008d09724398b50e93468e30a239d4f6d750af9b/_/images/icons/emoticons/check.svg

Duo Mobile

images/s/-tu1lu0/8401/008d09724398b50e93468e30a239d4f6d750af9b/_/images/icons/emoticons/check.svg

images/s/-tu1lu0/8401/008d09724398b50e93468e30a239d4f6d750af9b/_/images/icons/emoticons/check.svg

images/s/-tu1lu0/8401/008d09724398b50e93468e30a239d4f6d750af9b/_/images/icons/emoticons/check.svg

images/s/-tu1lu0/8401/008d09724398b50e93468e30a239d4f6d750af9b/_/images/icons/emoticons/check.svg

Free OTP

images/s/-tu1lu0/8401/008d09724398b50e93468e30a239d4f6d750af9b/_/images/icons/emoticons/check.svg

images/s/-tu1lu0/8401/008d09724398b50e93468e30a239d4f6d750af9b/_/images/icons/emoticons/check.svg

Google Authenticator

images/s/-tu1lu0/8401/008d09724398b50e93468e30a239d4f6d750af9b/_/images/icons/emoticons/check.svg

images/s/-tu1lu0/8401/008d09724398b50e93468e30a239d4f6d750af9b/_/images/icons/emoticons/check.svg

images/s/-tu1lu0/8401/008d09724398b50e93468e30a239d4f6d750af9b/_/images/icons/emoticons/check.svg

Toopher

images/s/-tu1lu0/8401/008d09724398b50e93468e30a239d4f6d750af9b/_/images/icons/emoticons/check.svg

images/s/-tu1lu0/8401/008d09724398b50e93468e30a239d4f6d750af9b/_/images/icons/emoticons/check.svg

Microsoft Authenticator

images/s/-tu1lu0/8401/008d09724398b50e93468e30a239d4f6d750af9b/_/images/icons/emoticons/check.svg

images/s/-tu1lu0/8401/008d09724398b50e93468e30a239d4f6d750af9b/_/images/icons/emoticons/check.svg

images/s/-tu1lu0/8401/008d09724398b50e93468e30a239d4f6d750af9b/_/images/icons/emoticons/check.svg

Symantec VIP Access

images/s/-tu1lu0/8401/008d09724398b50e93468e30a239d4f6d750af9b/_/images/icons/emoticons/check.svg

images/s/-tu1lu0/8401/008d09724398b50e93468e30a239d4f6d750af9b/_/images/icons/emoticons/check.svg

WinAuth

images/s/-tu1lu0/8401/008d09724398b50e93468e30a239d4f6d750af9b/_/images/icons/emoticons/check.svg

1Password

images/s/-tu1lu0/8401/008d09724398b50e93468e30a239d4f6d750af9b/_/images/icons/emoticons/check.svg

images/s/-tu1lu0/8401/008d09724398b50e93468e30a239d4f6d750af9b/_/images/icons/emoticons/check.svg

images/s/-tu1lu0/8401/008d09724398b50e93468e30a239d4f6d750af9b/_/images/icons/emoticons/check.svg

images/s/-tu1lu0/8401/008d09724398b50e93468e30a239d4f6d750af9b/_/images/icons/emoticons/check.svg

How does it work ?

Login to trackSpace or docSpace as usual

Login as usual:

images/download/attachments/294992596/Login_Maske.PNG
Login Dialog

Read the Secure Login Welcome screen

images/download/attachments/294992596/secure_login_maske.png
Secure Login Welcome Dialog

The dialog shows you how to use your device to scan the QR code in the next step.

Click NEXT

WinAuth

If you are using WinAuth as your authenticator app, see the Onboarding with WinAuth page. Otherwise, continue here.

3. Scan the QR code with your device

The next dialog shows the QR code. Start your authenticator app and scan it (alternatively, user your camera to scan the QR code and open it then with your Authenticator app).

images/download/attachments/294992596/Qr-qode_Scan.png
Secure Login QR Code

4. Wait for the PIN code in your authenticator app

After the scan, the authenticator app will create an entry for the 2FA application. It will show the application name (in this example "trackSpace"), a 6- digit code and your company E-Mail Address.

The authenticator app will generate a new PIN every 30 seconds or so and refresh the display accordingly (I was lucky enough to catch just that PIN change when I took the screenshot of the Microsoft Authenticator).

images/download/attachments/294992596/image2019-10-11_21-7-2.png
Google Authenticator App

images/download/attachments/294992596/image2019-10-11_21-11-49.png
Microsoft Authenticator App Changing PIN

Enter the PIN in the Secure Login dialog

Enter the newest PIN code of your authenticator app in the Secure Login dialog and click CHECK PIIN

images/download/attachments/294992596/secure_login_maske1.png
Secure Login Dialog

Viola! You're in.

Do I have to do the scanning all the time ?

No, fortunately not. Scanning the QR code you only need to do once when you register your authenticator app. It is called the "On-Boarding" for the Secure Login.

Once you have registered your app, the next time you log in you will just be asked for your PIN. Open your authenticator app and use the PIN that displayed there for the approproate application.

Do I have to log in with a PIN all the time ?

Yes. That's what the two factor authentication is all about. After you registered your authenticator app just use it to get the current pin whenever you login.

How do I switch to a different authenticator app ?

You can change your authenticator app from the profile menu. Select the "Secure Login Profile" from there.

images/download/attachments/294992596/image2019-10-11_21-9-54.png
Secure Login Profile Menu

The following dialog will show your current Secure Token (QR code) that is connected to your current authenticator app.

images/download/attachments/294992596/Secure_Login_Self_Service.png
Secure Login Profile Dialog

In the case that you want to use a different authenticator app, click on REVOKE TOKEN .

You will then have to go through step 1. to 5. again, using your new authenticator app in step 3.

What if I lose my device or delete my key entry by mistake

In that case your secret key in trackSpace and/or in docSpace needs to be revoked by the admins so you can do the onboarding again.

Contact the ACC administration to do so at trackspace@lhsystems.com.

How you can prepare for such a case to recover your secret key:

Every user has his/her own 2FA user profile. You can access it from the profile menu in trackSpace or docSpace. Here you can either remove/revoke your key before resetting the phone to request a new onboarding, but also have a look at the current valid Secret Key. You can save this secret key as a "backup" somewhere. Should it happen that you accidentally reset your phone and thus lock yourself out, you can restore the key by entering the secret key from your backup in your authenticator app. This way you can log back into the system.