Two-step verification by default for all users & clients

  • 14
  • Idea
  • Updated 4 weeks ago
  • (Edited)
Hi there

Currently the user has to activate the two-step verification on his own. That should be activated by default from an admin so that all users and also clients has to use the feature.

Background: Using the mail encryption feature a client user who receives an encrypted mail can open it without any two-step verification. That's not security.

We're currently have an invitation to tender to offer mail encryption for up to 7500 users.

Thanks and best regards
Udo
Photo of UdoJ

UdoJ

  • 234 Posts
  • 47 Reply Likes

Posted 11 months ago

  • 14
Photo of Rob Kuipers

Rob Kuipers

  • 15 Posts
  • 7 Reply Likes
I agree with UdoJ, we send links for sensitive data all the time and to make it more secure the two-step verification by default gives us the security we need.
Photo of UdoJ

UdoJ

  • 234 Posts
  • 47 Reply Likes
Thanks Rob, perhaps vote upper right also :-)
Photo of Adam B

Adam B

  • 4 Posts
  • 3 Reply Likes
For added flexibility, I'd like to suggest that when the two factor requirement for clients and employees feature is implemented, it should be assignable via a ShareFile policy that can be assigned to a group.  That way, if there is a particular group that for whatever reason doesn't require two factor authentication, it doesn't have to be applied to everyone login on the entire account. I also highly recommend implementing alternate versions of two factor authentication other than SMS and voice.  For example, Google Authenticator is considered more secure since SMS can be intercepted.

Please raise the priority on this request!

Thank you!
Photo of BillC

BillC

  • 3 Posts
  • 4 Reply Likes
I agree with this 100%.

It is a major security issue in that employees have access to all client data and if they are compromised, so is all of the client data. Clients only have access to their data, so that is not as big a concern.

There is not even a report on which employees have enabled 2FA.

This is now a deal breaker for us, given all the security breeches that have occurred in the world lately.

ShareFile needs to get caught up to the times.
Photo of David Birrer

David Birrer

  • 11 Posts
  • 0 Reply Likes
you can get a report via powershell about the 2FA per User. Search in this forum and you will find it.
Photo of BillC

BillC

  • 3 Posts
  • 4 Reply Likes
Thanks for the response David. 

Unfortunately, I couldn't find a reference to powershell reports for 2FA or Two Factor Authentication.

In any event, this still seems to be a major weakness to the ShareFile framework and they should improve the implementation and reporting on 2FA.
Photo of Cindy Morda

Cindy Morda

  • 18 Posts
  • 2 Reply Likes
I'm going to jump in on this issue also.  Our clients are now requiring us to use two-factor authentication to secure their data.  ShareFile, can you please let us know if we can expect to see the enforcement of two-factor authentication in a future release?  We need to hear from you on this issue.  Thank you!
Photo of Pereira

Pereira

  • 8 Posts
  • 1 Reply Like
We also activated 2FA, but we have no control who is using them. I opened a support case and Citrix told me that 2FA for all users is currently on the long-term roadmap without timeframe when this will be implemented. I hope this will come very soon. And the suggestion from Adam to implement 2FA for a group, is also a good idea. The actual method that only 2FA is asked when using a new machine is very good. Thank you.
Photo of Andrew Colombino

Andrew Colombino

  • 19 Posts
  • 4 Reply Likes
Our firm would like to have this feature too.

It would be nice if we could enable mandatory 2FA and the next time the users log on, they're asked to set it up before continuing.