Enabling Two-factor Authentication for Your Organization

Recent high-profile security breaches have proven that relying solely on passwords is becoming less adequate for protecting sensitive systems and data. The vast majority of these breaches in the industry have started with some kind of malware listening to keystrokes on client computers, gathering credentials to various online services and sending this information to the attackers. These credentials are then used to gain unauthorized access to these services.

As LogMeIn continues to advance our security features, we are committed to combining ease of use with components that promote secure, safe, and wise use of our products.

Today, when you log in to your LogMeIn Central account, you will be greeted by a page asking you to enable two-factor authentication (2FA) for your entire organization. Here you can easily enable 2FA for yourself and all of your invited users, thereby adding that extra layer of security that will help prevent unauthorized access to your account.

LogMeIn has introduced a number of new security enhancements in recent months, and this latest addition is focused on the ability to enforce a policy for all users in an account.

Why 2FA?
Two-factor authentication adds a second layer of protection to your LogMeIn account that is difficult to compromise through these types of attacks. When 2FA is enabled, the password alone does not grant access to your Central account. In addition to the password, you are prompted to enter a one-time security code. Users can set this up with either a mobile authenticator app (the most common option) or SMS text message. Additionally, if the primary method is unavailable, users will be able to request a code via an email backup. Users can use:

  • LogMeIn Authenticator App – NEW
  • Google Authenticator (available on iOS & Android, and equivalent on Windows Phone)
  • Security Codes via SMS
  • Emailed Security Codes – (backup option only)

For successful authentication, both the password and the correct one-time code must be entered.

Enforcing 2FA
While using 2FA is a highly recommended best practice, it is also mandated by various security standards, such as PCI DSS or HIPAA. If you have multiple users, it is crucial that all of them follow the policy that you set, including using 2FA when they access your Central account. You can enforce this on the Login Policy settings page in the Users menu on the left navigation bar.

For a detailed overview of LogMeIn’s security enhancements, including 2FA, check out our online guide or log in now to adjust your settings.

    
Written by Sandor Palfy

Sandor is the Chief Technology Officer of the Identity & Access Business Unit at LogMeIn.