View Security Strings How To Guide

From Swivel Knowledgebase
Revision as of 11:48, 8 May 2012 by Gfield (talk)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


Overview

PINsafe has a number of alternative methods to allow authentication should difficulties arise. This document outlines how to use the View Strings function for troubleshooting and as a backup authentication method.


Prerequisites

PINsafe 3.7 onwards


View Security Strings Guide

To view a users security string that they have been sent by email or SMS, on the PINsafe Administration Console, select User Administration, then click on the required user (search or filter as necessary to find the required user), then click on View Strings.

Single Channel Options Show, generates a single Channel authentication, valid for 2 minutes by default. Note generating a Single Channel image will prevent use of other authentication methods in the default time period until the expected single channel authentication is made. A new unique string is generated each tie the image is refreshed, rendering the previous image invalid.


Dual Channel Shows the last dual channel security string sent to the user and any string index where multiple security strings are used, to tell the user which security string to use. If no Dual Channel message has been sent to the user then the following message is displayed No Dual Channel strings available

Note: On the PINsafe Administration console it is viewed as a single channel image, but for the user it will be sent by their transport method.


Token Shows the token/mobile Phone Client security expected any string index where multiple security strings are used, to tell the user which security string to use. If no Dual Channel message has been sent to the user then the following message is displayed No Token strings available

Note: On the PINsafe Administration console it is viewed as a single channel image, but for the user it will be sent by their transport method.


PINsafe 3.8 User Administration User Management view Strings.jpg


Using View Strings as a Backup Authentication

If a user loses their mobile device and needs authenticating before a replacement can be provisioned, cannot receive an SMS message, or view the single Channel TURing image, then the View Strings can be used to provide the user with a valid security string.

Other alternatives are:

  • Use mobile Phone Client where no SMS is being received
  • SMS where security strings cannot be downloaded to the mobile phone Client
  • Enable Single Channel TURing authentication for the user

Security Note: It may not be appropriate to use Single Channel backup authentications where two factor authentication is mandatory.


The View Strings Backup authentication process is given below.

User calls helpdesk by landline

User Provide Username

Helpdesk View Strings for user

Helpdesk provide the required security string for the user

Call ends

User calculates OTC using their own PIN

User Authenticates


If further user authentication is required to determine the user please contact your Swivel Secure Sales representative to discuss additional options.


Testing

Known Issues

PINsafe 3.8.4256 has an error whereby On demand authentication security strings do not match those in the View Security strings. An authentication attempt will produce the error messages:

RADIUS: <0> Access-Request(1) LEN=192.168.0.1:1001 Access Request by username Failed: AccessRejectException: AGENT_ERROR_NO_SECURITY_STRINGS

and

Login failed for user:username, error: The user does not have any security strings suitable for the authentication.


Troubleshooting