Two Factor Authentication

  • SalesServiceGuy
    Field Supervisor

    Site Contributor
    5,000+ Posts
    • Dec 2009
    • 7874

    Two Factor Authentication

    Microsoft is planning on Oct 13 2020 to change the Authentication requirements on its Office 365 products to require two factor authentication.

    Upcoming changes to Exchange Web Services (EWS) API for Office 365 - Microsoft Tech Community - 608055

    I know in Gmail, two factor authentication means you log into your account with your user name and password and then Gmail can send you a text or email that you have to enter a five digit code to verify it is you.

    Any idea how this will work on a scan to email from a copier?

    Do any copier vendors currently support two factor authentication?
  • qbert69
    Service Manager

    1,000+ Posts
    • Mar 2013
    • 1152

    #2
    Re: Two Factor Authentication

    Originally posted by SalesServiceGuy
    Microsoft is planning on Oct 13 2020 to change the Authentication requirements on its Office 365 products to require two factor authentication.

    Upcoming changes to Exchange Web Services (EWS) API for Office 365 - Microsoft Tech Community - 608055

    I know in Gmail, two factor authentication means you log into your account with your user name and password and then Gmail can send you a text or email that you have to enter a five digit code to verify it is you.

    Any idea how this will work on a scan to email from a copier?

    Do any copier vendors currently support two factor authentication?
    My work has already implemented 2 factor authentication for Office 365. It is only done when initially setting up or logging into the O365 portal. 2 factor authentication requires human interaction to be implemented properly. I know with Gmail you can set up 2FA and then for other devices (scanning) you set up a specific password/passcode for each device. Regarding whether MS will implement something similar, I really don't know. I would hope that they would so as to maintain a competitive edge.

    REACH FOR THE STARS!!!
    Konica Minolta Planetariums!
    https://www.konicaminolta.com/planet...gma/index.html


    • SalesServiceGuy
      Field Supervisor

      Site Contributor
      5,000+ Posts
      • Dec 2009
      • 7874

      #3
      Re: Two Factor Authentication

      Originally posted by qbert69
      My work has already implemented 2 factor authentication for Office 365. It is only done when initially setting up or logging into the O365 portal. 2 factor authentication requires human interaction to be implemented properly. I know with Gmail you can set up 2FA and then for other devices (scanning) you set up a specific password/passcode for each device. Regarding whether MS will implement something similar, I really don't know. I would hope that they would so as to maintain a competitive edge.

      First, I learned from you Two Factor Authentication = 2FA. Thanks.

      I am going to change the SMTP client on my latest version Toshiba copier to Gmail and play with 2FA for awhile and see how that goes.

      Just to clarify, are you saying 2FA only has to be done once on a copier for each user account? It is not uncommon to have 20 plus email addresses in the copier's address book or LDAP look ups.

      I have been using Single Sign On (SSO) to log into my O365 Exchange account via 5 digit PIN code.

      Is SSO somehow going to collide with 2FA?

      Then I will move onto O365 Exchange soon as market acceptance of O365 is now well over 50%.

      I am hoping to get a solution and implementation to this early so that I am not chasing 100+ service calls on Oct 13 when scan to email stops working.

      I suspect when this happens there are going to be some forced copier upgrades on old copier equipment which is good for me.


      • SalesServiceGuy
        Field Supervisor

        Site Contributor
        5,000+ Posts
        • Dec 2009
        • 7874

        #4
        Re: Two Factor Authentication

        Xerox does offer Two Factor Authentication with its Connect Key products.

        Two Factor Authentication


        2FA can also be referred to as Multi Key Authentication.

        A good YouTube video explaining 2FA.

        What is Two-Factor Authentication? (2FA) - YouTube


        • SalesServiceGuy
          Field Supervisor

          Site Contributor
          5,000+ Posts
          • Dec 2009
          • 7874

          #5
          Re: Two Factor Authentication

          Until today I was convinced that there was no way you could perform a Scan to Email via Gmail with 2FA turned on.

          I have found a workaround within Gmail called an "App Password".

          Here is a video on how to perform this task.

          How To Setup Scan To Email On Canon Copier - YouTube

          When you enter the 16 digit password into your SMTP client in your copier's web browser, delete the spaces between the blocks of four letters.

          Anyway, I tested it and it works. Learning every day!
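
A way to check an app password from a laptop before typing it into the copier's SMTP settings, as an added example that is not part of the original post. The environment variable names `SCAN_USER` and `SCAN_APP_PASSWORD` and the function names are assumptions; the sample password is constructed.

```python
import os
import re
import smtplib
import ssl


def normalize_app_password(displayed: str) -> str:
    """Strip the display spacing from an app password and sanity-check it.

    Per the post above: 16 letters shown as four blocks of four.
    """
    compact = re.sub(r"\s+", "", displayed)
    if not re.fullmatch(r"[A-Za-z]{16}", compact):
        raise ValueError("expected 16 letters once spaces are removed")
    return compact


def check_smtp_login(host: str, port: int, user: str, password: str) -> tuple[bool, str]:
    """Try an authenticated SMTP session; never send credentials in clear."""
    context = ssl.create_default_context()  # verifies the server certificate
    try:
        with smtplib.SMTP(host, port, timeout=15) as smtp:
            smtp.starttls(context=context)  # raises if STARTTLS is not offered
            smtp.ehlo()
            if not smtp.has_extn("auth"):
                return False, "server does not offer AUTH after STARTTLS"
            smtp.login(user, password)
            return True, "login accepted"
    except smtplib.SMTPAuthenticationError as exc:
        return False, f"login rejected ({exc.smtp_code})"
    except (smtplib.SMTPException, OSError) as exc:
        return False, f"connection problem: {exc}"


if __name__ == "__main__":
    print(normalize_app_password("abcd efgh ijkl mnop"))  # constructed sample
    # The network check only runs when both (assumed) variables are set.
    user = os.environ.get("SCAN_USER")
    shown = os.environ.get("SCAN_APP_PASSWORD")
    if user and shown:
        print(check_smtp_login("smtp.gmail.com", 587, user,
                               normalize_app_password(shown)))
```

An app password is accepted without the second factor, so issuing a separate one per copier lets a single device be revoked without touching the others.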


          • SalesServiceGuy
            Field Supervisor

            Site Contributor
            5,000+ Posts
            • Dec 2009
            • 7874

            #6
            Re: Two Factor Authentication

            A useful video from Lexmark showing how to obtain an App password for your Gmail account.

            Lexmark—Configuring the e-mail SMTP settings using the Embedded Web Server - YouTube

            GMail has announced they plan to force 2FA effective Feb 2021.


            • tsbservice
              Field tech

              Site Contributor
              5,000+ Posts
              • May 2007
              • 7635

              #7
              Re: Two Factor Authentication

              Originally posted by SalesServiceGuy
              A useful video from Lexmark showing how to obtain an App password for your Gmail account.



              GMail has announced they plan to force 2FA effective Feb 2021.
              Really good video. Lexmarks earned some positive after all bad I received from KM A4 rebadges.
              A tree is known by its fruit, a man by his deeds. A good deed is never lost, he who sows courtesy, reaps friendship, and he who plants kindness gathers love.
              Blessed are they who can laugh at themselves, for they shall never cease to be amused.


              • tsbservice
                Field tech

                Site Contributor
                5,000+ Posts
                • May 2007
                • 7635

                #8
                Re: Two Factor Authentication

                Tested on our bizhub and it works.

                • SalesServiceGuy
                  Field Supervisor

                  Site Contributor
                  5,000+ Posts
                  • Dec 2009
                  • 7874

                  #9
                  Re: Two Factor Authentication

                  Oct 13 will soon be upon us when Microsoft plans to enforce 2FA on its smtp.office365.com accounts.

                  A useful resource page.

                  How to set up a multifunction device or application to send email using Microsoft 365 or Office 365 | Microsoft Docs


                  I was working with an IT Manager today and the only way we could get smtp.office365.com to work was by subbing in the IP address of the MS Cloud server.

                  You can get the IP of your cloud server by doing a lookup on the MX record that Microsoft assigns you when you setup the domain on the cloud.


                  • SalesServiceGuy
                    Field Supervisor

                    Site Contributor
                    5,000+ Posts
                    • Dec 2009
                    • 7874

                    #10
                    Re: Two Factor Authentication

                    Is it possible to defeat 2FA by "SIM-jacking"?

                    The mobile phone fraud scam has jumped up in popularity over the past couple of years, and there's very little to stop you from becoming a victim.

                    https://www.vice.com/en/article/3kx4ej/sim-jacking-mobile-phone-fraud


                    This relatively new crime is known as "SIM-jacking", and works like this: perpetrators obtain important details about their victims either by scouring social media or conning them into divulging personal information. Using these details, they pose as their victims, convince network providers to transfer their numbers to new SIM cards and post out those SIMs. Once the swap is complete, messages containing codes for those two-factor authentication systems we now all have can be intercepted, and fraudsters can hop into your email, social media or mobile banking accounts.

                    SIM-jacking differs from other forms of hacking in that it doesn't require any technical know-how; all you need is a conman's skills of persuasion and a basic grasp of identity-theft. This is perhaps why it's growing at such a rapid rate, with incidents jumping 60 percent between 2016 and 2018.

                    "One of the reasons SIM-swap attacks are so effective is that many mobile phone carrier representatives are easy to socially engineer," explained a former black hat hacker, who dabbled in SIM swaps before going straight and becoming a white hat hacker. "An attacker can call your phone provider, pretend to be you and spin some story to get the support agent to transfer your number to a SIM. If he runs into any friction, he can hang up and try again with another agent."

                    ... if you receive 2FA passwords as a text message on your cell phone and someone successfully SIM-jacks your phone, 2FA is defeated.


                    • srvctec
                      Former KM Senior Tech

                      500+ Posts
                      • Oct 2009
                      • 827

                      #11
                      Re: Two Factor Authentication

                      Originally posted by SalesServiceGuy
                      Is it possible to defeat 2FA by "SIM-jacking"?

                      The mobile phone fraud scam has jumped up in popularity over the past couple of years, and there's very little to stop you from becoming a victim.

                      https://www.vice.com/en/article/3kx4ej/sim-jacking-mobile-phone-fraud


                      This relatively new crime is known as "SIM-jacking", and works like this: perpetrators obtain important details about their victims either by scouring social media or conning them into divulging personal information. Using these details, they pose as their victims, convince network providers to transfer their numbers to new SIM cards and post out those SIMs. Once the swap is complete, messages containing codes for those two-factor authentication systems we now all have can be intercepted, and fraudsters can hop into your email, social media or mobile banking accounts.

                      SIM-jacking differs from other forms of hacking in that it doesn't require any technical know-how; all you need is a conman's skills of persuasion and a basic grasp of identity-theft. This is perhaps why it's growing at such a rapid rate, with incidents jumping 60 percent between 2016 and 2018.

                      "One of the reasons SIM-swap attacks are so effective is that many mobile phone carrier representatives are easy to socially engineer," explained a former black hat hacker, who dabbled in SIM swaps before going straight and becoming a white hat hacker. "An attacker can call your phone provider, pretend to be you and spin some story to get the support agent to transfer your number to a SIM. If he runs into any friction, he can hang up and try again with another agent."

                      ... if you receive 2FA passwords as a text message on your cell phone and someone successfully SIM-jacks your phone, 2FA is defeated.
                      Exactly why I switched to Aegis several months ago.
                      Started in the copier service business in the fall of 1988 and worked at the same company for 33.5 years, becoming the senior tech in 2004 but left to pursue another career on 4/29/22.


                      • BillyCarpenter
                        Field Supervisor

                        Site Contributor
                        VIP Subscriber
                        10,000+ Posts
                        • Aug 2020
                        • 14752

                        #12
                        Re: Two Factor Authentication

                        There's a lot of information to take in with this thread. It does pique my curiosity, though.


                        But I'm still unclear about 2FA as it relates to a copier. My understanding is that 2FA is only required when first setting up an email account. Why would anyone want to have to go through the headache of 2FA every time you log into an email account? Doesn't make a lot of sense to me.

                        What would make sense to me is if you had to go thru 2FA every time you tried to access your email account using a new computer/device. I can see that being helpful.
                        Adversity temporarily visits a strong man but stays with the weak for a lifetime.


                        • M94
                          Trusted Tech

                          Site Contributor
                          100+ Posts
                          • Jul 2020
                          • 158

                          #13
                          Re: Two Factor Authentication

                          Originally posted by BillyCarpenter
                          There's a lot of information to take in with this thread. It does pique my curiosity, though.


                          But I'm still unclear about 2FA as it relates to a copier. My understanding is that 2FA is only required when first setting up an email account. Why would anyone want to have to go through the headache of 2FA every time you log into an email account? Doesn't make a lot of sense to me.

                          What would make sense to me is if you had to go thru 2FA every time you tried to access your email account using a new computer/device. I can see that being helpful.
                          It depends on situation and the level of security required. Yes, having 2FA constantly run can be tedious/annoying. They should all have options for how often, or other triggers. New area login type stuff etc. That being said, I've already mentioned elsewhere but I work at a local IT company; if one of my more central data storages was compromised the attacker would have access to an uncomfortable amount of medical data as well as security information on many local companies, their records etc. The HIPAA fallout alone would be tens of thousands in fines in the wrong situation. What this is all getting to is yes, for these higher sensitivity objects it takes several steps and involves an authenticator on my phone. The authenticator acts essentially like a dedicated 2FA but it expires every 30s and you need to log into my phone, and the authenticator app itself to get anywhere. Meaning in total, assuming my phone and laptop were already on (I also have startup keys on both), you would need 2x passwords on my phone and one on the device you were trying to login to in order to get anywhere and you would have to do 2 of those passwords within that 30 second window to get into that particular pile of data.

                          Obviously this is a potentially worst case scenario, and many would say I'm going overkill but I feel that it keeps my company and my clients as safe as possible so it's one of the places I am as thorough as I can possibly be.


                          • BillyCarpenter
                            Field Supervisor

                            Site Contributor
                            VIP Subscriber
                            10,000+ Posts
                            • Aug 2020
                            • 14752

                            #14
                            Re: Two Factor Authentication

                            Originally posted by M94
                            It depends on situation and the level of security required. Yes, having 2FA constantly run can be tedious/annoying. They should all have options for how often, or other triggers. New area login type stuff etc. That being said, I've already mentioned elsewhere but I work at a local IT company; if one of my more central data storages was compromised the attacker would have access to an uncomfortable amount of medical data as well as security information on many local companies, their records etc. The HIPAA fallout alone would be tens of thousands in fines in the wrong situation. What this is all getting to is yes, for these higher sensitivity objects it takes several steps and involves an authenticator on my phone. The authenticator acts essentially like a dedicated 2FA but it expires every 30s and you need to log into my phone, and the authenticator app itself to get anywhere. Meaning in total, assuming my phone and laptop were already on (I also have startup keys on both), you would need 2x passwords on my phone and one on the device you were trying to login to in order to get anywhere and you would have to do 2 of those passwords within that 30 second window to get into that particular pile of data.

                            Obviously this is a potentially worst case scenario, and many would say I'm going overkill but I feel that it keeps my company and my clients as safe as possible so it's one of the places I am as thorough as I can possibly be.

                            I like the way you think, M94.

                            All of that makes perfect sense to me. Here's my question: If 2FA is running constantly, I'm guessing that email account isn't gonna work for SMB?

                            • tsbservice
                              Field tech

                              Site Contributor
                              5,000+ Posts
                              • May 2007
                              • 7635

                              #15
                              Re: Two Factor Authentication

                              Originally posted by BillyCarpenter
                              ...
                              Here's my question: If 2FA is running constantly, I'm guessing that email account isn't gonna work for SMB?
                              I'm a bit confused...you can still use MFP to send emails even with 2FA.