New security features for RusTECH Hosting

As part of our drive to keep our customers and their account data secure, we have implemented a two-factor authentication system for our Web & Cloud Hosting Client Portal.

By implementing this feature, RusTECH is adding an extra step to keep your client data secure. We encourage all of our hosting customers to enable two-factor authentication for their hosting client portal login. To ensure the utmost security, we require all employees who have access to the Hosting Client Portal systems to use two-factor authentication.

At this time, two-factor authentication is an optional feature for our clients to use for login, but in the future it may become a required feature to ensure no customer account ever becomes compromised. We will send out notices if and when it becomes a required feature.

At the time of this posting, RusTECH Solutions recommends Google Authenticator for Android and Apple iOS devices, or Authenticator for Windows Phone devices. We will research other apps that support the two-factor feature we have implemented.

What is Two-Factor Authentication?

Two-factor authentication adds an additional layer of security by introducing a second step to your login. It takes something you know (i.e., your password), and adds a second factor, typically something you physically have (such as your phone). Since both are required to log in, in the event an attacker obtains your password, two-factor authentication would stop them from accessing your account.

Why do you need it?

Passwords are increasingly easy to compromise. They can often be guessed or leaked, they usually don’t change very often, and despite advice otherwise, many of us have favorite passwords that we use for more than one thing. Two-factor authentication gives you additional security because your password alone no longer allows access to your account.

How does it work?

The most common and simplest method, and the one we implemented, is time-based one-time passwords. With these, in addition to your regular username & password, you will also have to enter a 6-digit code that changes every 30 seconds. Only your token device (typically a mobile smartphone) will know your secret key and be able to generate valid one-time passwords for your account, which makes your account far safer.

Time Based Tokens

Time Based Tokens work with any OATH software such as Google Authenticator for Android and Apple iOS, and Authenticator for Windows Phones. Once activated, users will be required to provide a second form of authentication that only they have access to. This authentication comes in the form of a 6-digit passcode that expires every 30 seconds.
 

QR Code

How does it work?

Upon initial setup, Token Based Two-Factor Authentication is activated, and you will be presented with a QR code to scan using your smartphone / tablet device. Once this is scanned, your device will store the authorization it needs to generate passcodes for authenticating to your WHMCS installation. Every 30 seconds, a new 6-digit code will be generated by your OATH application of choice, which will be used as your second form of authentication during login to your secured hosting client account.
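The mechanism described in the two "How does it work?" sections, sketched as an added example (not RusTECH's or WHMCS's code): the standard OATH TOTP algorithm (RFC 6238) with the 6-digit, 30-second parameters given above, the `otpauth://` URI that a setup QR code carries, and a server-side check that tolerates one step of clock drift. The secret is the RFC 6238 test key; the account and issuer names are constructed.

```python
import base64, hashlib, hmac, struct, time
from typing import Optional
from urllib.parse import quote, urlencode

STEP = 30      # seconds each code is valid (value stated on this page)
DIGITS = 6     # code length (value stated on this page)
SECRET = b"12345678901234567890"   # constructed sample: RFC 6238 test key

def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over an 8-byte big-endian counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret: bytes, at: Optional[float] = None) -> str:
    """RFC 6238 TOTP: HOTP keyed on the number of 30 s steps since the epoch."""
    now = time.time() if at is None else at
    return hotp(secret, int(now // STEP))

def provisioning_uri(secret: bytes, account: str, issuer: str) -> str:
    """Build the otpauth:// URI that the enrolment QR code encodes."""
    label = quote(f"{issuer}:{account}")
    params = urlencode({
        "secret": base64.b32encode(secret).decode().rstrip("="),
        "issuer": issuer, "digits": DIGITS, "period": STEP})
    return f"otpauth://totp/{label}?{params}"

def verify(secret: bytes, code: str, at: Optional[float] = None,
           drift: int = 1) -> bool:
    """Accept the current step plus `drift` steps either side (clock skew)."""
    now = time.time() if at is None else at
    counter = int(now // STEP)
    ok = False
    for c in range(max(0, counter - drift), counter + drift + 1):
        # Constant-time compare, no early exit, so timing reveals nothing.
        ok |= hmac.compare_digest(hotp(secret, c).encode(), code.encode())
    return ok

if __name__ == "__main__":
    # Constructed account and issuer names, for illustration only.
    print(provisioning_uri(SECRET, "alice@example.com", "ExampleHost"))
    print("code at t=59:", totp(SECRET, 59))
```

Anyone who can read the QR code or the URI behind it holds the secret key, so the enrolment page deserves the same protection as the password itself. A production verifier should also remember the last accepted step per account and refuse to accept the same code twice.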


Why do I need this?

Many individuals tend to use the same password for all of their login points. In the event that a malicious user gains access to one of your logins, they could potentially gain access to all other login-required sites like your bank account, Facebook, email and others that use the same password. Two-Factor Authentication puts a stop to that by requiring users who successfully log in with a user & password combination to use a physical device they possess for further verification.