OTP 2FA OMG

Community Manager

With users working from home, sales reps needing to access backend systems, engineers updating systems on a customer's infrastructure and many more reasons for users not to be in an office, VPN has become extremely common in today's work environment. 

 

A security admin's task is to ensure all these connections are secure while not hindering people's ability to work. Ensuring a sufficiently secure encryption protocol is one thing (you don't want an MD5-3DES tunnel), but it doesn't stop there.

Even the most rigid encryption algorithms can easily be bypassed if the password that's used to establish the tunnel is guessed ('123456' and 'password' are still the most widely used passwords, has no one seen Hackers?).

 

Requiring users to remember 256-character long passwords, including wingdings characters, is also not an option. One solution is to introduce Multifactor Authentication where users add a PIN to their password or, even better, use only One Time Passwords (OTP) to authenticate to GlobalProtect.

 

Sivasekharan Rajasekaran (@srajasekar), a Senior Technical Engineer with Palo Alto Networks, wrote a really cool article on how to set up OTP-based 2FA using RADIUS or SAML, so you have full freedom of choice when picking the OTP provider that best suits your needs.

 

You can read up on the implementation here:

GlobalProtect: One Time Password based Two Factor Authentication

 

 

Feel free to leave remarks or questions in the comments below.

 

Stay secure!

 

Reaper out!

8,392 Views
Comments
L1 Bithead
The link is dead.
1,327 Views
Community Manager

@LorenzoM it is not? Please try again! You may need to clear your browser cache or try a different browser.

1,319 Views
L1 Bithead

The link I'm referring to is this one:

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm8ICAS

 

It doesn't work in Chrome or Firefox (both normal and incognito/private mode) on two different PCs, but it does work on my mobile Chrome. Very weird! Thanks for the assist!

1,316 Views
Community Team Member

I have tested that link, and it does work. I defer to what @reaper said, please delete cookies and clear cache and try it again.

1,306 Views
Community Manager
Since it works on your mobile, could you try some basic troubleshooting on your PCs? I would suspect an upstream firewall or ISP peering issue could be the culprit.
1,285 Views