Two Factor Authentication (2FA)

CompleteFTP Enterprise Edition supports Two Factor Authentication (2FA) through the use of Google's free Google Authenticator app and other compatible applications. It can be enabled by checking a single checkbox. Once enabled, web users will be required to install the app and activate the site before they can access CompleteFTP via HTTP/HTTPS. 2FA is not currently supported in protocols other than HTTP and HTTPS. It is, however, compatible with all authenticators available in CompleteFTP, such as SAML, Active Directory, external database and custom authenticators.

How does Two Factor Authentication work?

2FA invokes the security principle of 'Something you know and something have'. The 'something you know' is your password and the 'something you have' is a device that generates One-Time Passwords (OTPs). With CompleteFTP's 2FA, the device is a mobile phone (Android or iPhone) that has the free Google Authenticator app installed, and the OTPs are 6-digit PINs that change every 30 seconds. The trick is that only Google's server and each specific instance of the app know the value of the PIN at any given time, so if the correct PIN is entered then we can trust that the user has the phone on which the app is installed. The PIN synchronization between the server and the phone is done by scanning a QR code that's generated by Google and scanned by the app. Each QR code is unique to the specific logged-in user on the site.

How users experience Two Factor Authentication

Once 2FA has been enabled by the admin users will have to go through an additional step after entering their user-name and password before they can enter the site.

Other features