What are the two-factor authentication rules?

Two-factor authentication (2FA) refers to a method that combines two or more conditions to authenticate users, including passwords and physical objects (credit cards, SMS mobile phones, tokens, or biomarkers such as fingerprints).

What are the forms of two-factor authentication? Two-factor authentication is generally a username and password plus another authentication method, such as: SMS verification, WeChat or QQ authorization verification, USB token, OTP token, etc.

Example 1: When you enter the company, you must punch in (your ID card at the company) + fingerprint verification. This is the two-factor authentication mechanism

Example 2: Log in to a web site , after entering the account password, you must also enter the received SMS verification code, which is also a two-factor authentication mechanism

Bastion machines often become a weak link in the internal security of enterprises. All equipment assets and information are stored inside the bastion machines. Permission relationship, once the bastion machine is invaded, it means that hackers often get the permission to log in to the server and network equipment. The bastion machine password is the first line of defense for bastion machine security. Once the bastion machine password is obtained by another person, it means that this person can use all the permissions of this password.

If the user has set up two-factor authentication on the Xingyun Guanjia bastion machine, then when accessing all key devices in the team, secondary identity authentication will be required. WeChat or SMS are currently supported. Users can freely choose the authentication method according to the actual situation of the company. Of course, this also means that after turning on two-factor authentication, team members need to bind WeChat or mobile phones in their personal information.

What two-factor authentication methods are available for Xingyun Guanjia bastion machine? How to enable and use two-factor authentication?

Click the "Policy Edit" button of the corresponding operation and maintenance policy, and then click the edit icon of "Two-Factor Authentication" to open the "Modify Two-Factor Authentication" dialog box and select the corresponding two-factor strategy;

p>

When accessing key equipment, you will need to enter a "verification code" in the access voucher and click "Get Now";

You will receive a four-digit verification code on WeChat or SMS, which will The verification code is backfilled into the access certificate to access the device;

The two-factor authentication mechanism of the Xingyun Guanjia bastion machine not only controls and prevents it beforehand, but also audits and intercepts operations during the incident. The user enters the username and password When logged in, WeChat will push administrator information when executing certain sensitive instructions. The administrator can verify the identity of the current operator and then decide to pass or reject the operator's sensitive instructions. The default expiration time is 30 minutes.

In the Xingyun Guanjia bastion machine, the following operations trigger two-factor authentication: restart the host, stop the host, change the host operating system password, change the management terminal password, create a host session, snapshot rollback, and replace the system disk, initialize disk, unmount data disk, mount data disk, etc.