Over the past decade, there has been a steady uptick in security breaches and unauthorized access to user accounts across the digital platforms we use daily. These breaches affect every kind of web-based service, from banking, email and social media to critical infrastructure, and they pose a significant challenge to organizations and individuals alike.

We understand how important robust security measures are for our clients, and so we are happy to announce that we have recently added optional Time-Based One-Time Password (TOTP) authentication into Radiant WebTools' login flow.

This addition comes as a direct response to requests from our valued clients who recognize that this extra layer of protection provides them with enhanced security and peace of mind.

So what is TOTP?

Time-Based One-Time Password (TOTP) authentication, standardized in RFC 6238 and built on the HMAC-based one-time password algorithm of RFC 4226, is a common form of two-factor authentication used by platforms across the web. Traditional passwords are exposed to a range of risks: weak passwords, password reuse and brute-force or credential-stuffing attacks. TOTP reduces that risk by generating a short-lived, typically 6-digit code derived from a secret shared between the server and the user's device and from the current time. The code is used in combination with the usual username and password to validate the user's identity.

Because the temporary code is generated locally by the user's authenticator app from a secret that never leaves the device or the server after enrollment, a leaked password database or a password captured elsewhere is not enough to log in: the attacker also needs a valid code for the current 30-second window. One caveat is worth stating plainly. TOTP does not make an account immune to phishing: a fraudulent site that asks for the code as well as the password can relay both to the real login page within the same window. TOTP closes off password-only attacks; checking the site address before typing a code is still the user's job.

How Does TOTP Work?

TOTP authentication significantly strengthens the security of user accounts. By requiring both something the user knows (the password) and something the user possesses (the device holding the authenticator app and its secret), TOTP adds an extra layer of protection against unauthorized access. Even if an attacker obtains the user's password, they would still require the time-bound TOTP code to gain entry. Once set up, TOTP offers a seamless user experience.

#1. The Setup

To enable TOTP, users enroll their accounts by scanning a QR code or entering the secret key provided by the platform into an authenticator app such as Google Authenticator or Authy, or a password manager such as Bitwarden or 1Password. The platform generates a random secret key unique to the user's account during setup. This key is stored on the server (it deserves the same protection as password material, encrypted at rest) and is shared with the authenticator app exactly once, at enrollment.

#2. The Authenticator App

Using the shared secret key and the current time, the authenticator app generates a time-based password. The code changes at regular intervals (usually every 30 seconds), and because it depends only on the secret and the device clock, the app needs no network connection to produce it.

#3. Authentication Time

When logging into the platform, users provide their username and password as usual. Once submitted, they are prompted to enter the TOTP code displayed by their authenticator app. The server computes the expected code for the current time step from its own copy of the secret (typically also accepting the step on either side, to tolerate small clock drift) and compares it with the submitted code using a constant-time comparison. If they match, the user is logged in. Because a 6-digit code has only a million possible values, the server must also rate-limit failed attempts and refuse to accept a code that has already been used in its window.
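The three steps above, enrollment, code generation and server-side verification, carried through as a single worked example. This is added illustration code, not Radiant WebTools' implementation; it follows RFC 6238 (HMAC-SHA1, 30-second steps, 6 digits), and the `verify` function's one-step drift window, replay check and the issuer name used in the provisioning URI are assumptions made for the example. The RFC 6238 reference key `12345678901234567890` is used as the known-answer input.

```python
import base64
import hashlib
import hmac
import secrets
import struct
from urllib.parse import quote

STEP_SECONDS = 30   # code lifetime; assumption matching the common default
DIGITS = 6          # code length; assumption matching the common default


# --- Step 1: enrollment -------------------------------------------------

def generate_secret(nbytes: int = 20) -> str:
    """Server side: fresh random key, base32-encoded for the QR code / manual entry."""
    return secret_to_b32(secrets.token_bytes(nbytes))


def secret_to_b32(key: bytes) -> str:
    """Base32 without padding, the form authenticator apps expect."""
    return base64.b32encode(key).decode("ascii").rstrip("=")


def decode_secret(secret_b32: str) -> bytes:
    """Inverse of secret_to_b32; tolerates spaces and lowercase from manual entry."""
    s = secret_b32.replace(" ", "").upper()
    s += "=" * (-len(s) % 8)          # restore base32 padding
    return base64.b32decode(s)


def provisioning_uri(secret_b32: str, account: str, issuer: str) -> str:
    """otpauth:// URI that is encoded into the enrollment QR code."""
    return (f"otpauth://totp/{quote(issuer)}:{quote(account)}"
            f"?secret={secret_b32}&issuer={quote(issuer)}"
            f"&algorithm=SHA1&digits={DIGITS}&period={STEP_SECONDS}")


# --- Step 2: code generation (same function runs in the app and on the server) ---

def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(key: bytes, at_unix_time: int) -> str:
    """RFC 6238: HOTP with the counter set to the current 30-second time step."""
    return hotp(key, at_unix_time // STEP_SECONDS)


# --- Step 3: server-side verification -----------------------------------

def verify(key: bytes, submitted: str, at_unix_time: int,
           window: int = 1, last_used_counter=None):
    """Accept the current step and `window` steps either side (clock drift).

    Returns (ok, counter). The caller must persist the returned counter as
    last_used_counter so the same code cannot be replayed, and must rate-limit
    failed attempts: a 6-digit code has only a million possible values.
    """
    submitted = submitted.replace(" ", "")
    now = at_unix_time // STEP_SECONDS
    for counter in range(now - window, now + window + 1):
        if last_used_counter is not None and counter <= last_used_counter:
            continue                                   # replay or older window: reject
        if hmac.compare_digest(hotp(key, counter), submitted):   # constant-time compare
            return True, counter
    return False, None


if __name__ == "__main__":
    import time
    secret_b32 = generate_secret()
    key = decode_secret(secret_b32)
    print(provisioning_uri(secret_b32, "alice@example.com", "Radiant WebTools"))
    now = int(time.time())
    code = totp(key, now)                  # what the authenticator app would display
    print("current code:", code, "verified:", verify(key, code, now))
```

The `verify` return value carries the matched counter so the caller can store it and reject any later submission of that code; the rate limit on failed attempts is left to the login endpoint, where it belongs.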

Our goal with TOTP is to give our users an added layer of security and continued confidence in the safety of their accounts, while staying a step ahead of potential security breaches.

By integrating this robust two-factor authentication mechanism into Radiant WebTools, we’ve taken a proactive approach to cybersecurity, addressing the growing concerns surrounding data breaches, phishing attacks and password vulnerabilities.

Steven Gauthier Chief Technology Officer

As the leader of Bark’s technological needs, Steve is responsible for taking the lead on information security and technology. He spends the lion's share of his time researching, developing, and implementing technology strategies and software architecture.