2FA at No Charge

Dual-factor authentication for all users included in base price.

Xpress Password supports multi-factor authentication for all users, at no extra cost. This is typically done by combining multiple credentials, as follows:

  • If the user connects from the Extranet, start with a CAPTCHA.
  • Next, prompt for the user’s login ID.
  • Prompt for user verification which may be any of the following:
    • If the user has been activated to use a third party 2FA technology, such as a one time password token,Google Authenticator prompt the user to enter the code.
    • If the user had previously enrolled their mobile phone number, send a PIN to the user’s phone, via SMS and prompt the user to enter it
    • If the user had previously enrolled their personal e-mail address, send a PIN to that address, on the assumption that the user has e-mail access on their phone.
  • Users may be prompted to select one of several 2FA options, or one of several alternatives for the same option (e.g., send a PIN via SMS to one of multiple mobile numbers or e-mail addresses).
  • Based on the user verification policy, prompt the user to enter it or answer a series of security questions.