Two-factor authentication (2FA), or multi-factor authentication (MFA), requires you to provide more than one means of identification to log into a service. Commonly, 2FA is implemented by requiring a password as well as proof that you have access to a registered mobile device (e.g., by receiving a text message and entering digits that appear in it).

Elpha Secure provides two-factor authentication for remote access to computers. This protection is enabled by default. To log into your system remotely, you will need to:

  1. Install Elphaware onto the target machine and make sure remote desktop login is enabled.
  2. Make an account on the Elphaware portal.
  3. Log into the portal from the system initiating the remote login (this system does not need to have Elphaware installed).
  4. Browse to the computer you wish to log into.
  5. Click "Unlock Remote Access". You will have 15 minutes to log in.
  6. Open your remote access program (such as Remote Desktop Connection on Windows) and try to log in.
  7. If login still does not work, click "Unlock for all IPs" and try again.

Remote desktop login must be enabled on the device you are logging into. You will need to know the IP address or name of the computer you are logging into, and the network and firewall must be configured to allow remote logins. If you encounter difficulties, we recommend contacting your IT support or network administrator.

Does Elpha Secure provide MFA for other types of services?

Since Elphaware is installed on an endpoint, we can provide MFA for access to any services provided by that endpoint. For cloud services, we may be able to help you enable existing MFA support in those services. In some cases, we can replace the authentication mechanism for cloud services to use Elpha Secure instead (thus adding MFA). If you are interested in learning about our customization and consulting services for MFA, please contact us.

Does Elpha Secure support other authentication modes for MFA?

While SMS authentication is our default, some customers might desire a higher level of security or an authentication mechanism that doesn't rely on cell network coverage. Hence, we also provide one-time pad authentication through Google Authenticator or FreeOTP. We may be able to support additional mechanisms such as hardware security tokens. For any of these types of requests, please contact us.

How does MFA for remote access work?

We install a firewall rule on the target machine which blocks all incoming remote desktop connections (RDP on Windows, SSH/VNC on Mac OS and Linux). When you click unlock in the portal, we send a message to the Elphaware installation to temporarily open a hole in the firewall. Initially, this hole is only open to what appears to be your source IP address, though we also provide the option to unlock it for all IP addresses. A user logging in will then have to provide valid operating system credentials.

After the 15 minute window expires, we reinstate the firewall rule. We continue blocking all new incoming connections, but allow any existing connections to proceed.