Mobile Application
The mobile application of ESET Secure Authentication On-Prem makes it easy to generate OTPs or approve push authentication requests to access computers, services protected by 2FA. The mobile application version 2.40+ supports authentication of multiple users, meaning, if you use several user accounts in a domain/network protected with 2FA, the authentication tokens of all your user accounts may be stored in your one mobile application.
The mobile application version 3.0+ supports Google Authenticator tokens. Instead of installing the Google Authenticator app, click the + button in the mobile application of ESET Secure Authentication On-Prem to scan the QR code when setting up 2-step Verification with Google Authenticator. Then you will be able to generate OTPs with ESA Mobile App instead of Google Authenticator App when signing in to a Google service protected by 2-step verification.
For instructions on installing and using the mobile application, click the desired mobile OS to be redirected to the corresponding article:
You can protect the mobile app from unauthorized access by setting a PIN code. To access the mobile app faster, allow the use of Fingerprint scanner (Android, iOS) or Face recognition (iOS) if biometric authentication is configured on your mobile device.
Note that in case of PIN-protected Mobile Application the message of Approve on phone is displayed on Android watch when a push notification is generated.
PIN-protected Mobile Application If the Mobile Application has PIN protection enabled, it will allow a user to log in using an incorrect PIN code to protect the correct PIN code from brute-force attacks. For example, if an attacker attempts to log into the Mobile Application using an incorrect PIN code, they might be granted access, but no OTP will work. After entering several wrong OTPs, the 2FA of the user account (which the Mobile Application belongs to) will be automatically locked. This represents a minor issue for a general user: If the user happens to log into the Mobile Application using an incorrect PIN code, then changes the PIN code to a new one, all the tokens included in the Mobile Application will become unusable. There is no way to repair such tokens—the only solution is to re-provision tokens to the Mobile Application. Therefore, we advise users to try an OTP before changing their PIN code—if the OTP works, it is safe to change the PIN code. |
OTPs and Whitespace OTPs are displayed in the mobile application with a space between the 3rd and 4th digits to improve readability. All authentication methods except MS-CHAPv2 strip whitespace from the provided credentials, so a user may include or exclude whitespace without affecting authentication. |