Latest reply on Dec 31, 2015 11:21 AM by disabled_JackRodgers

    2 Factor Authentication is Weak

      Many corporations are beginning to use a second factor for validating a login: a PIN number is sent via email or text message and the user is required to enter it in a form field to continue.

       

      This fails remarkably easily if the device is stolen. Read my blog about this:

       

      http://fmpfirewall.com/2015/12/31/filemaker-security-2-factor-authentication-weakness/

       

      If your solution's security needs are minimal, this method will suffice. If your solution's security needs are very high due to being a financial database or medical or even one involving Home Security and Terrorists, then this type of authentication is suspect for the reasons I state in the blog post.

       

      I have worked on this concept for several years and recently devoted my full time to it and the ins and outs are mind boggling and trying to create a working security system within FileMaker is time consuming and frustrating as every idea seems to blow up into many problems. So I understand why scripters want to latch on to a simple idea as a complete solution when it is not.

        • 1. Re: 2 Factor Authentication is Weak
          wimdecorte

          Multi-factor authentication (MFA) is *NOT* weak.  It revolves around the principles of:

          - something you know (account / pw)

          - something you have (cell phone, RSA fob,...)

          - something you are (fingerprint, iris scan,...)

           

          You make a blanket statement about multi-factor authentication based on where it would fail on this simple principle: if the something you have is the same laptop or device that the user needs to log into then that is a poor MFA implementation, not a failure of MFA.

           

          If users need to log into a laptop or a cell phone then no sane MFA implementation would actually use that device for the "something you own" part...   That's just very very very basic.

           

          No reason to spread fear and uncertainty about MFA...

          • 2. Re: 2 Factor Authentication is Weak
            wimdecorte

            Also, and to reiterate what has been said on a number of threads in the last month or so: FileMaker does not support native multi-factor authentication and I very strongly caution against a scripted approach to mimic one.  It is not secure and it is not multi-factor authentication.

            • 3. Re: 2 Factor Authentication is Weak
              baldewicz

              Hi wimdecorte,

               

              I work for a company who is required to use either three step authentication or biometric authentication.  We are a Mac based business, so the fingerprint scanner options available on windows do not work for our needs.  This is an FDA requirement to be able to digitally approve records.

               

              Do you know of any resources that may be able to direct me to be able to implement this in a solution?

               

              Would you suggest against a scripted approach if the script allowed for the generated pin to be transformed similar to cryptography, then emailed to the user.  The user would then input the transformed pin and the system would transform it back to verify that it matches.  That way even if a user was able to see the generated pin it would not accept that pin as a solution? FileMaker's built in security would also be used.

               

              This was the best solution I could identify, I realize the transformation could be broken with enough effort.

               

              Thanks,

              Sandra

              • 4. Re: 2 Factor Authentication is Weak
                wimdecorte

                baldewicz wrote:

                 

                Hi wimdecorte,

                 

                I work for a company who is required to use either three step authentication

                 

                Would you suggest against a scripted approach if the script allowed for the generated pin to be transformed similar to cryptography, then emailed to the user.

                 

                I would absolutely advise against scripting it.

                 

                FileMaker does not support native multi-factor authentication.  That means that whatever authentication you need to enforce that way has to happen upstream before the user has access to the FM solution.

                 

                FileMaker only has the 1-form authentication through the username and pw.  You can mimic other forms after the user has been authenticated that way but those are just for show; the user is already authenticated and in the solution before you run your scripts.

                • 5. Re: 2 Factor Authentication is Weak
                  baldewicz

                  wimdecorte,

                   

                  Thank you for your help, we will sadly need to look into a different option for when a user has to sign the file.  The three step authentication is only required for a digital signature, not for access to the file.

                   

                  Hopefully soon, we will be able to move away from paper records!

                   

                  Thanks again,

                  Sandra

                  • 6. Re: 2 Factor Authentication is Weak
                    wimdecorte

                    I don't think we are quite talking about the same thing then.  Capturing a signature is not the same as authentication for access to a solution.

                     

                    Can you explain a bit more what you are after and what the workflow would look like?

                    • 7. Re: 2 Factor Authentication is Weak
                      baldewicz

                      A user would need to authenticate to access the program, and would have various access depending on their job.  Once the information that is needed for the record is complete, various signatures are needed for a record to be considered complete.

                       

                      When a user would like to sign (our president, production manager, or the person who was specified at the beginning of the layout), using my idea, they would need to click a button (send signature email).  This button would create a record in the signature table (displayed as a portal).  The user name of the person who needs to sign will be filled out in the GeneratedName field; also a Generated pin code field would be populated.

                       

                      An email would be sent to the user that needs to sign (not who clicked the button in some cases).  The email would give them a pin code that has been transformed, even though only the Generated pin code can be seen by the admin account.

                       

                      The user who needs to sign, they would need to log in and navigate to the correct record in filemaker and click the sign button.  A small layout would pop up asking for their pin, they would have to enter this pin, if the pin is correct, their signature would be generated.

                       

                      Does that make since?

                      • 8. Re: 2 Factor Authentication is Weak
                        wimdecorte

                        What is the value of the pin?  Is it to prove that the signer is who he is or is it to specifically track the signing event?

                        There's a subtle difference there - not sure I am explaining it well.  Here's another attempt: is the pin in lieu of a physical signature and you have to register the pin with the signing event?

                        • 9. Re: 2 Factor Authentication is Weak
                          Mike Duncan

                          An email would be sent to the user that needs to sign (not who clicked the button in some cases).  The email would give them a pin code that has been transformed, even though only the Generated pin code can be seen by the admin account.

                          By transformed, do you mean obscured or encrypted? And if someone else can see it, is it the unobscured text? Also, email is not really secure.

                          The user who needs to sign, they would need to log in and navigate to the correct record in filemaker and click the sign button.  A small layout would pop up asking for their pin, they would have to enter this pin, if the pin is correct, their signature would be generated.

                           

                          Does that make since? (sic)

                          I'm not sure what you mean when you say "their signature would be generated." Perhaps all that is required is they click a button and enter the PIN they were emailed? That may be enough to accept a digital signature. I personally dislike apps that show your "signature" in a handwritten font to give the impression you signed it.

                           

                          I think the process you describe may (or may not) fulfill some compliance requirement, but it does not necessarily overlap with a security requirement, strictly speaking.

                           

                          Mike

                          • 10. Re: 2 Factor Authentication is Weak
                            baldewicz

                            Yes, the pin would be in lieu of the user typing their name.  The signature would then generate in that a timestamp would be entered, and mark a field would state complete for the signature.

                            • 11. Re: 2 Factor Authentication is Weak
                              baldewicz

                              Yes, the generated pin would be encrypted.  Think in grade school A=1, B=2, etc., but a more complex transformation matrix (I am a math nerd, not a programmer); there may be a better way (read: built in to FileMaker).

                               

                               

                              Mike Duncan wrote:

                               

                               

                               

                               

                              I'm not sure what you mean when you say "their signature would be generated." Perhaps all that is required is they click a button and enter the PIN they were emailed? That may be enough to accept a digital signature. I personally dislike apps that show your "signature" in a handwritten font to give the impression you signed it.

                               

                              I think the process you describe may (or may not) fulfill some compliance requirement, but it does not necessarily overlap with a security requirement, strictly speaking.

                               

                              Mike

                               

                              They would enter their pin and it would mark the signature as complete.  No handwritten signature would be displayed just a field stating that the signature is complete.

                               

                              I know email isn't the most secure method, however it fits the FDA's requirements which is essentially what we care about.  In addition email is useful as all users will not be in the program at all times so by the pin being in their email, they will be able to sign at a later time also, as signatures can be requested by other users.

                               

                              I really hope I'm being clear; most of my FileMaker is still done by brute force and lacks much of the eloquence other users' scripts have.

                               

                              Thank you wimdecorte and logicurio
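
Added example, not part of any post in this thread and not FileMaker code: the emailed signing-PIN workflow described in posts 7 and 11, written in Python with a keyed digest of the PIN (bound to the record and the signer) stored in place of a reversible letter-to-number transformation, plus expiry, single use and an attempt limit. The names `issue_pin`, `verify_pin`, `store` and `SERVER_KEY` are hypothetical, and the code assumes the store and key live where signers cannot read or write them.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumption: kept outside the database users can reach
PIN_TTL = 900                         # seconds a PIN stays valid (constructed value)
MAX_ATTEMPTS = 3                      # wrong guesses allowed before the challenge is dropped

def _digest(pin, record_id, signer):
    # Binding record and signer into the MAC means a PIN is useless elsewhere.
    msg = f"{record_id}|{signer}|{pin}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_pin(store, record_id, signer, now=None):
    """Create a signing challenge and return the PIN to e-mail.
    Only the keyed digest is stored, so viewing the row does not reveal the PIN."""
    now = time.time() if now is None else now
    pin = f"{secrets.randbelow(10**6):06d}"
    store[(record_id, signer)] = {
        "digest": _digest(pin, record_id, signer),
        "expires": now + PIN_TTL,
        "attempts": 0,
    }
    return pin

def verify_pin(store, record_id, signer, pin, now=None):
    """Return 'signed', 'wrong-pin', 'locked', 'expired' or 'no-challenge'."""
    now = time.time() if now is None else now
    key = (record_id, signer)
    challenge = store.get(key)
    if challenge is None:
        return "no-challenge"
    if now > challenge["expires"]:
        del store[key]
        return "expired"
    challenge["attempts"] += 1
    if hmac.compare_digest(challenge["digest"], _digest(pin, record_id, signer)):
        del store[key]                # single use: a replayed PIN finds no challenge
        return "signed"
    if challenge["attempts"] >= MAX_ATTEMPTS:
        del store[key]                # stop online guessing of the 6-digit space
        return "locked"
    return "wrong-pin"
```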

                              • 12. Re: 2 Factor Authentication is Weak

                                I have been working for some time on verifying a user that gains access or even is given access. I have developed a method of analyzing a user based on 20 or so gets which create a fingerprint of a login. I am working on adding many more using various plugins. It's amazing the information that can be learned. For instance, what USB devices are connected and should these be allowed.

                                 

                                I started calling it the fmpFirewall but that word caused a lot of backfire... so I've changed the name to fmpLogin.

                                 

                                A few years ago a draft of this caught the former host logging in using the owner's account name and password and that of the manager after he was dismissed. That's one weakness in that he controlled the account names and passwords. I forced everyone to change their password, etc.

                                 

                                Since files are hosted 24/7 login rules become important as well as closing the app over the weekend.

                                • 13. Re: 2 Factor Authentication is Weak

                                  The PIN does not really need to be encrypted since the FileMaker file will remain open to the record in question while the user checks their email. In effect the record will be locked by the user as long as it is not saved.

                                   

                                  User enters data and the record is not saved and clicks a button (that does not save the record) and the dialog appears asking for the PIN. The user checks their email program and receives the PIN and then enters it in the FileMaker dialog.

                                   

                                  The script verifies the PIN and saves the record with appropriate data attached. If the PIN is wrong the dialog returns for a retry. The script can also send a second PIN. If the result is a total fail then the result can be marked with the record or it can be deleted.

                                   

                                  Locking the record is the key to the security of the process. Even if someone gets the PIN they can't use it if they don't have current access to the record.

                                   

                                  Naturally using a PIN without a record lock is not secure over email.

                                  • 14. Re: 2 Factor Authentication is Weak

                                    The reason I say it is weak is because I bypassed the 2 Factor Authentication in the demo file in about 5 minutes.

                                     

                                    OK, the file was a demo and not secured with anything more than the admin password... 

                                     

                                    But there are plenty of folks who think that the method shown should be used.

                                     

                                    The main weakness of any such idea is that FileMaker allows any field to be replaced by script (except calculated fields and container fields) using Replace Field. I simply created a remote TO in a new file and created TOs for the Persistent ID field and replaced it with my own. ZAP. I own the night.

                                     

                                    Being able to replace the value of a field using a script or button is a great weakness for security.

                                     

                                    I have solved that problem and now I understand why different people are telling me it won't work because it took a lot of time, thought and hard work to make it happen.
