Concept
One-Time Passwords (also called MFA Secret Codes) are used as additional security for some devices, websites, etc. Usually an MFA Application (like LastPass, Google Authenticator, Microsoft Authenticator, etc) would be used to access this code. However, in some scenarios it might not be practical to have this information stored on each technician's Mobile Device. To accommodate this, the Quickpass Tech Vault can store this data for you so that the access to these codes can be centralized.
Prerequisites
- Tenant is Enabled with Tech Vault
- Tenant has QDesk, QGuard, or the Bundle Account Plan
- Login Role has access to the Customer and the Password Access Group has not limited the Login Role's Access to the Password Entry (see https://support.getquickpass.com/hc/en-us/articles/5414744454295-Quickpass-Password-Vault-Security for instructions for limiting access to a Password Entry)
- Customers created in Quickpass Dashboard https://support.getquickpass.com/hc/en-us/articles/360035206574-How-to-Create-New-Customer
- Passwords are stored in the Quickpass Password Vault
Implementation
- When creating or editing a Password Entry in the Quickpass Tech Vault a One-Time Password (OTP) can be added.
-
Usually these are called "Secret Code", "Secret Key", "Backup Code", or can be shown when manually entering the MFA into any MFA app when the QR Code doesn't work or is not scannable.
NOTE: The industry standard and RFC4648 requires the characters to be Uppercase. If your provider has shown you the Secret Code in Lowercase characters, please convert to Uppercase. - Enter the Secret Key into the box and click Save.
Viewing the OTP
- The Passwords page of the Customer Dashboard will show the Password Entry
-
- If the Password Entry has an OTP stored for MFA purposes, you can click the OTP button to view it
The One Time Password (MFA) code will be shown in a Pop Up Window
The Current OTP Code will be shown. At the bottom is an indicator line to show how much longer that OTP will be valid for.
The OTP can also be revealed via the password details page. Click on the Password Entry on the password list to view additional details.
-
- One-Time Password can be viewed by clicking the Reveal OTP button
The Current OTP Code will be shown. At the bottom is an indicator line to show how much longer that OTP will be valid for.
- One-Time Password can be viewed by clicking the Reveal OTP button
Editing or Deleting the OTP
- Searching for the Password Entry, or scrolling through the list of Password Entries, from the Passwords page of the Customer Dashboard will show the Password Entry
- The returned results will be displayed
- Click on the displayed Password Entry to view additional details.
- Click on the Edit Button in the top Right Corner of the Password Entry screen
- If the MFA/OTP needs to be changed enter the new value for the OTP Secret Key - and then click the Save button.
- Usually these are called "Secret Code", "Secret Key", "Backup Code", or can be shown when manually entering the MFA into any MFA app when the QR Code doesn't work or is not scannable.
NOTE: The industry standard and RFC4648 requires the characters to be Uppercase. If your provider has shown you the Secret Code in Lowercase characters, please convert to Uppercase.
- Usually these are called "Secret Code", "Secret Key", "Backup Code", or can be shown when manually entering the MFA into any MFA app when the QR Code doesn't work or is not scannable.
- If you want to Delete the One-Time Password click the Trash icon
NOTE: This action is NOT reversible and the Secret Key cannot be recovered. Ensure you have access to the Account you are removing this for prior to deleting the OTP.
Comments
0 comments
Please sign in to leave a comment.