
DuoSecurity: Advanced Two-Factor Login for LuxSci’s Web Interface


Two-factor logins require users to:

  1. Enter their username and password properly (the 1st factor)
  2. Authenticate a second way (e.g. by entering a code delivered to their mobile phones).

Use of two-factor authentication ensures that even if a user’s password is discovered, guessed, or captured, a malicious user still cannot gain access to the user’s account, at least not without also having access to the second factor.

Two-factor authentication significantly enhances the security of any system:

  • LuxSci staff use it for all administrative actions, both through our web interface and at the server command line.
  • It is required for PCI compliance.
  • It is good for HIPAA compliance.

LuxSci has long offered a simple and effective two-factor option for its web interface. Now, LuxSci also supports DuoSecurity two-factor authentication with its web interface. This option provides many advanced user and administration features and is very cost-effective (usually free) for small organizations.

Compare Two-factor Options at LuxSci

LuxSci customers now have three options for two-factor authentication: SMS/text message, email to alternate email address, and use of DuoSecurity.  All three options are free/included with your LuxSci account; however, the DuoSecurity option requires that you set up an account with DuoSecurity first.  DuoSecurity accounts for 10 or fewer users are free, and they also have a 30-day free trial.

In the following table, we compare the features and functionality of each of these three options.

Feature SMS/Text Alt. Email DuoSecurity
Cost Free Free Free up to 10 users; $30/mo for each additional 10 users
Two-factor Authentication
via email message sent at login
via SMS/Text message sent at login
via batch of codes in a SMS/Text message sent ahead of time
via hardware token
via telephone call to any phone, anywhere
via push – tap to confirm on your iPhone or Android
via App – get passcodes from a free mobile app available for all smartphones
Backup methods: set up multiple phones or devices and choose which to use at login
Bypass Code – Administrators can generate a one-time code that will let a user log in, even if the user has lost access to his/her second factor.
Users can enable their own Two-Factor method
Administrators can enable and enforce Two-Factor authentication for users
Administrators can configure users’ Two Factor options for them
Administrators can view authentication logs

There are many other minor configuration options available with DuoSecurity, like lockout after failed attempts, re-sending SMS codes once the ones already sent are used up, etc.

We highly recommend use of DuoSecurity for two-factor authentication due to its feature-rich nature and cost effectiveness. It's well worth it, even for just the ability to have backup second-factor devices and to generate bypass codes in case of emergency. At LuxSci, we all use our mobile phones as our first factor and hardware tokens as a backup — just in case a phone is unavailable.
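
The server-side checks behind three features named above (a code sent at login, a one-time administrator bypass code, and lockout after failed attempts), as an added example that is not LuxSci's or DuoSecurity's code. The class and method names, the 6-digit code format, the 5-minute lifetime and the threshold of 3 failures are assumptions.

```python
import hashlib
import hmac
import secrets
import time

MAX_FAILURES = 3   # assumed lockout threshold
CODE_TTL = 300     # assumed lifetime of a login code, in seconds

def _digest(code: str) -> bytes:
    # Keep only a hash, so a leaked session store does not reveal live codes.
    return hashlib.sha256(code.encode()).digest()

class SecondFactor:
    """Per-user second-factor state (hypothetical class, not a LuxSci or Duo API)."""
    def __init__(self):
        self.login_code = None   # (digest, expires_at) of the code sent at login
        self.bypass = set()      # digests of unused administrator bypass codes
        self.failures = 0        # consecutive failed second-factor attempts

    def issue_login_code(self, now=None) -> str:
        """Create the 6-digit code that would be delivered by SMS or email."""
        now = time.time() if now is None else now
        code = f"{secrets.randbelow(10**6):06d}"
        self.login_code = (_digest(code), now + CODE_TTL)
        return code

    def issue_bypass_code(self) -> str:
        """Administrator action: one-time code for a user who lost the device."""
        code = secrets.token_hex(5)
        self.bypass.add(_digest(code))
        return code

    def unlock(self):
        self.failures = 0        # administrator clears a lockout

    def verify(self, submitted: str, now=None) -> bool:
        now = time.time() if now is None else now
        if self.failures >= MAX_FAILURES:
            return False         # locked: even a correct code is refused
        d = _digest(submitted)
        code_hash, expires = self.login_code or (b"", 0.0)
        ok = now <= expires and hmac.compare_digest(d, code_hash)
        if ok:
            self.login_code = None   # a login code is accepted only once
        elif d in self.bypass:
            self.bypass.discard(d)   # a bypass code is accepted only once
            ok = True
        self.failures = 0 if ok else self.failures + 1
        return ok
```

The password check (the first factor) is assumed to have passed before `verify` is called; expired, replayed and wrong codes all count toward the lockout.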

Setup Two-Factor Authentication at LuxSci

If you are going to use DuoSecurity, you need to:

  1. Go to www.DuoSecurity.com and create an account
  2. Log in and click on “Integrations” and make a “New Integration” of type “Web SDK”
  3. Log in to your LuxSci account and proceed to either “Account > Advanced Administration > Security > DuoSecurity Two Factor” (for enabling DuoSecurity account-wide), or “Account > Domain Administration > Select a domain > General Settings > DuoSecurity Two Factor” (for enabling DuoSecurity for a specific domain).
  4. Copy and paste in the DuoSecurity Integration Key, Secret Key, and API hostname that they provide to you.
  5. Select whether DuoSecurity Two Factor should be required for all users, or optional (e.g. they can opt to use it, but it's not enabled by default).

If you have specified that DuoSecurity is required, then setup is complete — all affected users will be required to use it going forward when they log in to the system. If you have not pre-configured “second factors” for them, then they will be forced to do it as part of their next login to the web interface (this is a pretty simple process).

If you are not using DuoSecurity or have left it as “Optional”, then the next step is for your users (or their account administrators) to:

  1. Log in to LuxSci
  2. Go to “Account > My Profile > Two-Factor Authentication”
  3. Select the desired SMS, Email, or DuoSecurity option

What else can I do to protect my login?

In addition to choosing a good password, there are many things you can do at LuxSci to help secure your logins:

  • Update your settings to enforce use of only secured connections (SSL or TLS) when connecting to WebMail and other LuxSci services such as IMAP, POP, SMTP, FTP, and MySQL.  This prevents your username, password, and other data from being eavesdropped on.
  • Use OpenID instead of a username and password to log in to the Web Interface.
  • Restrict permission to log in to your account to specific IP addresses or geographic regions.
  • Password policies – configure minimum password strengths, and ensure that your password must be changed frequently, that old passwords are not re-used, and that password guessing is not permitted.
  • Have alerts sent to you about successful and/or failed logins — so that you are immediately aware of any unauthorized login attempts.
  • Remove access to LuxSci services that you are not using. E.g. if you don’t use POP, but have access to it — disable access to prevent unauthorized people from trying to access your email or guess your password through that service.

These features and many more are standard with LuxSci accounts.
