ESET Online Help

Select the topic

Authentication options

ESET Secure Authentication Cloud Early Access (ESAC EA) provides several options for authenticating users to access computers or services protected by two-factor authentication.

OTP (one-time password) received via SMS—requires SMS Credits or custom delivery utilizing a custom SMS gateway

OTP generated via ESA mobile application

oEvent-based OTP (HOTP)—expires when used or when generating a new OTP

oTime-based OTP (TOTP)—expires within a few seconds (expiry animation displayed in the mobile application) even if not used

OTP delivered via email

Push Authentication

Hard tokens

OTP received via custom delivery option

FIDO—only one FIDO authenticator can be registered per user


Security of authentication options

ESA offers a wide range of 2FA methods that fit the varying preferences of our customers.

The most secure and highly usable is Mobile Application Push (Push authentication).

Still highly reliable, but in some situations, less convenient are: Mobile Application OTP, Hard Token, and FIDO.

SMS-based OTPs, thus still available, are not considered the most secure mainly due to the underlying security used in the SMS delivery systems.

When choosing the delivery of OTP by email, there might be usage schemas having weaker security.


Reliability of SMS delivery

Due to the technical nature of SMS messages, which are typically handled by local operators of telecommunication services, the reliability of SMS delivery to end-user mobile phone cannot be guaranteed by ESET.

Windows Login protection in offline mode

When using the Windows Login protection in offline mode, the following options are available to authenticate a login attempt:

Hard tokens (event-based OTP only)

OTP generated via ESA mobile application (event-based OTP only)



Offline OTPs

In offline mode, only 20 OTPs are cached by default. Cache renewal occurs in the following ways:

Automatically upon successful login in online mode

10 minutes after successful offline login, the ESA component attempts to download new OTPs. The next attempts are every 60 minutes

If a new network is connected (for example, the network adapter is restarted), the ESA component attempts to download new OTPs immediately