
Launching Two-Step Verification

By Philip Thomas
Posted on May 22, 2014
Updated on April 15, 2020


What

Two-step verification, also known as two-factor authentication, makes logging into online accounts safer by combining something memorized – a password – with something possessed – a time-based security code. This account security feature is now available for all customers in the Umbrella Dashboard.

Why

Accessing most online accounts requires a username and a password. A password alone is not a strong way of ensuring account security – passwords can be shared between accounts and people.

Two-step verification adds a second step to the login process to prevent unauthorized access. After supplying the account password, the user enters a generated, time-based security code. This code changes to a new, seemingly random value every 30 seconds, so gaining access to an account requires physically possessing the source of the codes. This helps ensure that only the owner of the account may sign in.

How it Works

Two-step verification implements a one-time password system. The basic goal of the system is to verify that a user is who they say they are without communicating anything secret. It does this by generating security codes that change based on time. The system is designed so that, even if all of the security codes are stolen – for example, if traffic is being intercepted – then future security tokens cannot be predicted. Unlike passwords, if a security token is stolen, it is only valid for up to 30 seconds.

Creating these security tokens in a deterministic but seemingly random way is accomplished by sharing a secret key between the user and the server. After this secret key is synchronized it is never shared again. The server and user combine this secret key with the current time using a hashing algorithm to generate one-time passwords. By standardizing the hashing algorithm and ensuring accurate clocks, the same six-digit password is generated by both the user and the server.

If the security token sent by the user matches the one generated by the server, then it is assumed that the user has the correct secret key and is who they claim to be.
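The scheme described above, sketched as an added example that is not OpenDNS or Umbrella code. It assumes the RFC 6238 TOTP construction (HMAC-SHA1 over a 30-second time counter, six digits), which is what Google Authenticator computes; the key is the published RFC 6238 test key, and the drift window and replay check in `verify` are illustrative choices.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid for, as described in the article
DIGITS = 6   # six-digit codes, as described in the article
KEY = b"12345678901234567890"  # RFC 6238 test key, never a real secret


def hotp(key: bytes, counter: int) -> str:
    """RFC 4226: HMAC-SHA1 over an 8-byte counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte picks a 4-byte window
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def totp(key: bytes, now: float) -> str:
    """Code for the 30-second step containing `now` (Unix seconds)."""
    return hotp(key, int(now) // STEP)


def verify(key: bytes, code: str, now: float,
           last_used_step: int = -1, drift: int = 1):
    """Server-side check. Returns the matched time step, or None.

    Accepts +/- `drift` steps to tolerate clock skew, and rejects any step
    at or before `last_used_step` so an intercepted code cannot be replayed.
    """
    current = int(now) // STEP
    matched = None
    for step in range(max(0, current - drift), current + drift + 1):
        expected = hotp(key, step).encode()
        # compare_digest avoids leaking matching digits through timing
        if step > last_used_step and hmac.compare_digest(expected, code.encode()):
            matched = step
    return matched


if __name__ == "__main__":
    t = 1111111109                       # timestamp from the RFC test vectors
    code = totp(KEY, t)                  # what the phone would display
    step = verify(KEY, code, t)          # what the server checks
    print(code, step)
    print(verify(KEY, code, t, last_used_step=step))  # replay is refused
```

The server should persist the returned step per account and pass it back as `last_used_step` on the next login attempt.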

How

Three main methods of implementing one-time passwords exist. Because generating the token requires an intensive mathematical hash, the system is not simple.

Hardware tokens store a secret key and use it to calculate security tokens, which they normally display on a screen. These types of devices have been a common sight on the keychains of banking employees for decades.

In an SMS-based system, the server generates the token, sends it to the user via SMS, then the user inputs it into the login system. In this sense, the server sends a code to the user then makes sure that it receives back the same password the user received.

The third method of one-time password generation is a smartphone application such as Google Authenticator or Authy. After downloading the application, the user enables two-step verification on their account and receives the secret key by scanning a QR code. In this setup, the user’s phone calculates the one-time password every time they try to sign in.

OpenDNS Implementation

Two-step verification at OpenDNS began as a hackathon project. After a team of engineers built the two-step verification system in a 24-hour, coffee-fueled sprint, the project was passed on to the A-Team to ready it for production.

OpenDNS supports SMS and App-based two-step verification. To enable it on your account, in the Umbrella Dashboard go to your account settings.

OpenDNS provides a recovery code when you enable two-step verification. This code allows you to disable two-step verification should you lose your phone. Treat this recovery code like a password but store it separately from your account password – our engineers prefer keeping recovery codes in a TrueCrypt volume on Dropbox or in 1Password.

App or SMS?

SMS is the easier option. It requires no application, it works on any phone that uses text messages, and if a user loses their phone then the new one can still have the same phone number. Because the text message passes through many services in plaintext before it reaches the user, this is not as secure as having the user generate their own one-time password.

Phone applications are the recommended choice because the user generates their own security tokens every time they log in. In addition, the application still generates tokens without cell signal or internet.

Next Steps

Log into the Umbrella Dashboard and improve your account security with two-step verification.
