Get2Factor

Complex challenges demand innovative solutions.

I encountered a complex challenge when facing a rollout of two-factor authentication to thousands of shared accounts in less than a year.

How do you securely set up two-factor authentication on thousands of accounts, many accessed by hundreds of employees each?

Hardware tokens are too expensive.

SMS is insecure.

Google Authenticator is our only hope.

But there's a fly in the ointment: everyone needs to have the QR code (i.e. the secret).

It's difficult to share a secret securely -- far easier to share via bulletin boards, unlocked desk drawers, and cloud storage.

Enter Get2Factor.

Get2Factor is a ServiceNow scoped application that I created, which computes time-based one-time passwords (aka TOTP).

This lets the organization maintain confidentiality and gain greater insight into the security posture of accounts using two-factor authentication.

Get2Factor is standards-compliant and feature-compatible with Google Authenticator — but runs as a ServiceNow application, providing user functionality via Service Portal.

Get2Factor leverages the ServiceNow platform to encrypt and store the secret. This makes the secret inaccessible to users, overcoming some of the challenges these shared secrets present.