GFI Software

Welcome to the GFI Software community forum! For support please open a ticket from https://support.gfi.com.

Home » GFI User Forums » Kerio Connect » KC 9.4.1 2FA success stories?
KC 9.4.1 2FA success stories? [message #151340] Thu, 24 March 2022 16:20 Go to next message
McIrish is currently offline  McIrish
Messages: 252
Registered: October 2011
Hi,
I'm trying to wrap my head around 2FA in Kerio Connect. I'm hesitant to enable it as I'm not up to speed. I did read doc on it but the info doesn't seem complete to me. I could just start messing with it on a test user but I'd love some feedback from those of you who have implemented it.
1) Did you enable it globally and force it for all users?
2) What steps did you do to train end users on how it works?
3) Any issues you have run into?

For the most part, all of the clients are using Outlook 2016 on both PC and Mac. A few people use the web client, but the vast majority have never logged into the web client.

Thanks for the tips
Re: KC 9.4.1 2FA success stories? [message #151348 is a reply to message #151340] Sat, 26 March 2022 12:23 Go to previous messageGo to next message
ThinkYEAH is currently offline  ThinkYEAH
Messages: 9
Registered: February 2019
I have tested it, but i had to disable because i can't use my email with Microsoft Outlook 2019, maybe there is any way to make it work but i have no idea.
Re: KC 9.4.1 2FA success stories? [message #151687 is a reply to message #151348] Fri, 20 May 2022 20:46 Go to previous messageGo to next message
afisher is currently offline  afisher
Messages: 26
Registered: April 2011
I have it enabled on a few accounts and as expected the google authenticator app on my phone works just fine. For the rest of the work force without company phones, Im suggesting we buy programmable tokens https://deepnetsecurity.com/products/programmable-tokens/ . These are $25USD/ea and can be used for one OTP account each. Another option that works is the Authy desktop software (free) which works just like an smartphone authenticator app but on your desktop. If anyone knows of a better way to do this, i'm all ears.

As for your outlook, you are using the app password that is generated in the webmail right? You can't 2F outlook as far as I know, so you need to use the app password just like you would on your phone.
Re: KC 9.4.1 2FA success stories? [message #151710 is a reply to message #151340] Tue, 24 May 2022 21:53 Go to previous messageGo to next message
McIrish is currently offline  McIrish
Messages: 252
Registered: October 2011
Do I understand correctly the 2FA is only for the Kerio Client and the web portal, but NOT for Outlook or for use on cell phones? I just want to make sure I understand.
Re: KC 9.4.1 2FA success stories? [message #151732 is a reply to message #151710] Thu, 26 May 2022 21:32 Go to previous messageGo to next message
afisher is currently offline  afisher
Messages: 26
Registered: April 2011
Yes, that is exactly how it works.
Re: KC 9.4.1 2FA success stories? [message #152322 is a reply to message #151710] Thu, 28 July 2022 21:38 Go to previous messageGo to next message
RustyB is currently online  RustyB
Messages: 87
Registered: April 2010
McIrish wrote on Tue, 24 May 2022 21:53
Do I understand correctly the 2FA is only for the Kerio Client and the web portal, but NOT for Outlook or for use on cell phones? I just want to make sure I understand.
This is disappointing. Most of our users use Exchange on mobile devices. So 2FA will not work for them? How does this make us more secure? So if a hacker guesses a users password, they can just login via IMAP or Exchange and not be prompted for 2FA even thought the user has 2FA activated?

Why can't it just send a verification email anytime someone logs in from an unknown device, regardless of what kind of device it is?
Re: KC 9.4.1 2FA success stories? [message #152438 is a reply to message #152322] Wed, 10 August 2022 18:54 Go to previous message
afisher is currently offline  afisher
Messages: 26
Registered: April 2011
The way I understand it, Exchange doesn't have a mechanism for entering the 2FA codes Kerio supports. There might be third party utilities that provide 2FA with mobile email clients but I'm not sure if Kerio would support them at the moment.

The "extra security" comes from the App Password, which are 16 random characters. I do however see your point, passwords can be written down or found out. 2FA would be more secure still.
Previous Topic: Lets Encrypt and BlueMail
Next Topic: Impact of Log4j vulnerability on GFI
Goto Forum:
  


Current Time: Thu Aug 11 21:51:33 CEST 2022

Total time taken to generate the page: 0.03027 seconds