We have received quite a few reports from our partners that when their end customers' machines were hacked, the attackers also opened the OBM / ACB client backup software and deleted the backup set data through OBM/ACB > Utilities > Delete Backup Data.
Therefore, to close this loophole and further enhance the security of our Ahsay Backup Software, starting from version 8.3 to v8.7.x.x, Twilio has been integrated into Ahsay to provide Multi-Factor Authentication (MFA) for system and backup users. When MFA is enabled for a system or backup user account, the user is required to enter an SMS passcode during each login, in addition to the Username and Password.
First of all, you need to create an account on Twilio's platform. Once you have an account, get a number from Twilio for sending out SMS messages.
After getting a phone number for sending SMS, go to Settings.
Under API Credentials, copy the LIVE Credentials (Account SID and Auth Token), then enter them together with your Twilio phone number into AhsayCBS > System Settings > Basic > Multi-Factor Authentication (MFA).
Click the green Save button.
Enter a phone number for receiving the passcode through SMS sent from Twilio. Then, click the Tick button.
You should be able to receive an SMS like this.
Enter the passcode into the following screen, then click the Tick button.
You should be able to see this message: “Test completed successfully”, meaning Twilio has been configured successfully on your AhsayCBS.
Now, we can enable MFA for selected AhsayOBM / AhsayACB users. By default, MFA is disabled for all users.
To enable MFA for a user, click into the user account > User Profile > Security Settings tab. Then, enable the Security Settings feature.
Click the Add button.
Enter the user's phone number for receiving the passcode through SMS sent from Twilio.
Right after enabling the feature, the status is not yet verified. Click the green Save button to save the enabled MFA setting.
MFA is enabled for the selected user.
The user can now open the AhsayOBM / AhsayACB software and enter the Login Name and Password as usual.
The user now needs to click on the phone number configured for receiving the SMS passcode.
Check the phone for the SMS passcode info.
Enter the passcode into AhsayOBM's corresponding field.
You can also enable MFA for selected system user(s) for logging into the AhsayCBS web console if needed.
Click into a system user.
Enable the Security Settings.
Save the enabled Security Settings.
Now, whenever the system user logs in to AhsayCBS, an SMS passcode is required.
Read the corresponding section in this AhsayCBS Administrator Guide for more details of this feature.