Authentication options
ESET Secure Authentication (ESAC) provides several options for authenticating users to access computers or services protected by two-factor authentication.
- OTP (one-time password) received via SMS—requires SMS Credits or custom delivery utilizing a custom SMS gateway
- OTP generated via ESA mobile application
  - Event-based OTP (HOTP)—expires when used or when generating a new OTP
  - Time-based OTP (TOTP)—expires within a few seconds (expiry animation displayed in the mobile application) even if not used
- OTP delivered via email
- Push Authentication
- Hard tokens
- OTP received via custom delivery option
- FIDO—only one FIDO authenticator can be registered per user
Security of authentication options
ESA offers a wide range of 2FA methods to fit the varying preferences of our customers. The most secure and highly usable is Mobile Application Push (Push authentication). Still highly reliable, but in some situations less convenient, are Mobile Application OTP, Hard Token, and FIDO. SMS-based OTPs, though still available, are not considered the most secure, mainly due to the underlying security used in SMS delivery systems. When OTPs are delivered by email, some usage schemes might have weaker security.
Reliability of SMS delivery
Due to the technical nature of SMS messages, which are typically handled by local operators of telecommunication services, ESET cannot guarantee the reliability of SMS delivery to the end user's mobile phone.
Windows Login protection in offline mode
When using the Windows Login protection in offline mode, the following options are available to authenticate a login attempt:
- Hard tokens (event-based OTP only)
- OTP generated via ESA mobile application (event-based OTP only)
- FIDO
Offline OTPs
In offline mode, only 20 OTPs are cached by default. Cache renewal occurs in the following ways:
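Event-based OTPs depend only on a shared secret and a counter, so a verifier can precompute a fixed number of upcoming codes and check them without network access. The sketch below is an added example and not ESET's code: it uses standard HOTP (RFC 4226), and the `OfflineOtpCache` class, its salted-digest storage and its retirement rule are assumptions for illustration; only the default of 20 cached OTPs comes from this page.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class OfflineOtpCache:
    """Hypothetical offline verifier holding digests of the next `size` event-based OTPs."""

    def __init__(self, secret: bytes, next_counter: int, size: int = 20,
                 salt: bytes = b"constructed-salt"):
        self._salt = salt
        # Filled while the machine is online; the token secret is not stored.
        # Caveat: a 6-digit code has only 10**6 values, so these digests slow
        # down guessing from a stolen cache but cannot prevent it.
        self._entries = [(c, self._digest(hotp(secret, c)))
                         for c in range(next_counter, next_counter + size)]

    def _digest(self, otp: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", otp.encode(), self._salt, 10_000)

    def remaining(self) -> int:
        return len(self._entries)

    def verify(self, otp: str) -> bool:
        candidate = self._digest(otp)
        for index, (_counter, stored) in enumerate(self._entries):
            if hmac.compare_digest(candidate, stored):
                # Event-based expiry: accepting one code retires it and every
                # older code, so replayed or skipped OTPs are rejected.
                del self._entries[:index + 1]
                return True
        return False  # unknown code, or the cache is exhausted until renewal


if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 4226 test secret (constructed input)
    cache = OfflineOtpCache(secret, next_counter=0)
    print(cache.verify(hotp(secret, 2)), cache.remaining())
    print(cache.verify(hotp(secret, 2)), cache.remaining())
```

A time-based OTP cannot be cached this way because its validity depends on the current time rather than on a counter the verifier controls.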