Resetting and deleting a two-factor authentication secret key
You can reset a secret key when a user loses access to his or her two-factor authentication device or needs to set up two-factor authentication on a new device. Resetting the secret key allows the user to sign in to Web Console again and generate a new secret key.
You can reset or delete a two-factor authentication secret key for accounts of other users only if you have configured two-factor authentication and you have the Modify object ACLs right in the General features: User permissions functional area. You can also regenerate your own secret key.
To reset a secret key for an account:
In the main menu, go to Users & roles → Users & groups, and then select the Users tab.
Click the name of the user account for which you want to reset a secret key.
If you want to reset a secret key for your account:
On the Two-factor authentication tab, click the Regenerate secret key button.
Regenerating the two-factor authentication secret key for the current user account
If your account is protected against unauthorized modification, you must confirm that you have the permissions to change this account. In the Account protection window, specify the credentials of your own account and the two-factor authentication code.
In the Two-factor authentication window, click View how to set up two-factor authentication, and then click View QR code.
Use the authenticator app on the mobile device to scan the QR code and receive a one-time security code.
Configuring a new two-factor authentication secret key for the current user account
In the Two-factor authentication window, specify the one-time security code generated by the authenticator app, click the Check and apply button, and then save changes.
If you use Rutoken OTP, you need an Android mobile device with the Rutoken OTP application installed. The Android mobile device must meet the following requirements:
Operating system is Android 7 or newer.
NFC module is available and enabled.
In the Rutoken OTP application, you have to configure the following parameters:
Scan the QR code displayed in the two-step configuration wizard.
Set the time interval to 30 seconds.
Select SHA1 as the algorithm.
To configure Rutoken OTP:
Put the Rutoken OTP device next to the mobile device with the NFC module.
In the Rutoken OTP application, press Connect token.
In the Rutoken OTP application, press Configure settings, and then press Save secret key.
If the token is successfully connected to the mobile device, the Rutoken OTP application shows the following status messages:
Token is connected.
Settings are configured.
Secret key is saved.
On the Rutoken OTP device, press the button.
A security code is displayed on the device.
In Kaspersky Security Center Web Console, in the two-step verification window, enter the security code.
The secret key for your account is changed.
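The following is an added example, not part of the original documentation or of Kaspersky's code. It shows why the Rutoken OTP settings above (30-second interval, SHA1) must match what the server expects: a token set to a different interval derives a different counter from the same secret key, and its code is rejected. It assumes the one-time security codes are standard six-digit RFC 6238 TOTP values, which this page does not state; the secret is the public RFC 4226 test key, and the function names are illustrative.

```python
import hmac
import struct

# Constructed sample: the public RFC 4226 / RFC 6238 test key, not a real secret.
SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6, digest: str = "sha1") -> str:
    """RFC 4226: HMAC the 8-byte big-endian counter, then dynamically truncate."""
    mac = hmac.new(secret, struct.pack(">Q", counter), digest).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30,
         digits: int = 6, digest: str = "sha1") -> str:
    """RFC 6238: the HOTP counter is the number of whole steps since the epoch."""
    return hotp(secret, unix_time // step, digits, digest)


def verify(secret: bytes, code: str, unix_time: int,
           step: int = 30, window: int = 1) -> bool:
    """Assumed server-side check: SHA1, 30 s step, +/- `window` steps of clock drift."""
    counter = unix_time // step
    ok = False
    for c in range(max(0, counter - window), counter + window + 1):
        # Constant-time comparison; every candidate is checked, no early exit.
        ok |= hmac.compare_digest(hotp(secret, c).encode(), code.encode())
    return ok


def demo(now: int = 240):
    """Compare a correctly configured token with one set to a 60-second interval."""
    good = totp(SECRET, now)            # 30 s interval, SHA1 (settings from this page)
    wrong = totp(SECRET, now, step=60)  # same secret key, wrong interval
    return good, verify(SECRET, good, now), wrong, verify(SECRET, wrong, now)


if __name__ == "__main__":
    print(demo())
```

If a newly configured token is rejected even though the secret key was saved successfully, compare the interval and algorithm settings and the device clock before resetting the key again.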
If you want to reset a secret key for another account:
On the Two-factor authentication tab, click the Reset secret key button.
Resetting the two-factor authentication secret key for another user account
If the account is protected against unauthorized modification, you must confirm that you have the permissions to change this account. In the Account protection window, specify the credentials of your own account and the one-time security code for two-factor authentication.
Confirm the reset of the secret key, and then save changes.
When you reset a secret key for another account, the existing secret key is deleted and the user account is added to the two-factor authentication allowlist in the Administration Server properties. At the next sign-in, the user will be able to generate a new secret key.
The secret key of a user account is reset.
You can delete a secret key to completely block a user from signing in to Web Console and prevent the user from accessing Administration Server.
To delete a secret key:
In the main menu, go to Users & roles → Users & groups, and then select the Users tab.
Click the name of the internal user account for which you want to delete a secret key.
You cannot delete a secret key for your own account.
On the Two-factor authentication tab, click the Delete secret key button.
If the account is protected against unauthorized modification, you must confirm that you have the permissions to change this account. In the Account protection window, specify the credentials of your own account and the one-time security code for two-factor authentication.
Confirm the deletion of the secret key, and then save changes.
The secret key of a user account is deleted.
You can restore access by adding the user to the two-factor authentication allowlist in the Administration Server properties. In this case, at the next sign-in, the user will be able to generate a new secret key.