We take a very pro-active approach to the security of our customer’s MIDAS systems and data, and we always strive to provide administrators and users alike with a wealth of security features and settings within our software.
→ Read our Tips for keeping your MIDAS secure
We’re further enhancing the security options available in our web based room booking and resource scheduling software by introducing optional two-factor authentication in MIDAS v4.10.
What is Two-Factor Authentication?
Traditionally, when you access a website/app/online service which requires you to “log in”, all you need to provide is your username (or email address) and a password in order to authenticate your access.
Unfortunately, many people use the same credentials (username/password) over and over again for multiple websites/apps/online services. This means that if one of those services gets “hacked” and has a data breach and user’s credentials are exposed, an attacker could potentially then access all other websites/apps/online services the user uses.
Two-factor authentication combats this, by employing a secondary means of authentication in addition to the traditional username/password combination in order to authenticate your access to the website/app/online service when you login. This means that even if your username/password were compromised, an attacker couldn’t then use these on their own to gain access to your account.
How does two-factor authentication work within MIDAS?
Without two-factor authentication enabled in MIDAS v4.10, users simply login using their email address and chosen password. (A wealth of other customizable security features however are already built-in to MIDAS help prevent “brute force” attacks)
However, with the new optional two-factor authentication feature enabled in v4.10, users enter their email address and password as normal, but then MIDAS then emails the user a security code and presents a web page for this code to the entered. Once the user enters the code they’ve received in an email, the two-step login process will be complete and they will be successfully logged into MIDAS.
This ensures that in order to gain access and login to MIDAS, a user needs to know their MIDAS credentials and also have access to their own email account to retrieve a special security code upon each login.
As such, for two-factor authentication to be an effective security tool, users should ensure that they use a unique password for their MIDAS account (i.e. one which isn’t the same as the password they use to login to their own email account!)
For more information on the existing security settings and features available within MIDAS, please see: //mid.as/help/manage-security-settings
| Want to help shape and improve future MIDAS updates? Then why not consider becoming a Beta Tester? – it’s free, there’s nothing to install, and no technical knowledge is required! |
As many of you may already be aware, information was released on Tuesday this week about a major Internet vulnerability widely referred to as “Heartbleed”.