Kaspersky Security Center provides two-step verification for users of Administration Console or Kaspersky Security Center 13.1 Web Console. When two-step verification is enabled for your own account, every time you log in to Administration Console or Kaspersky Security Center 13.1 Web Console, you enter your user name, password, and an additional single-use security code. If you use domain authentication for your account, you only have to enter an additional single-use security code. To receive a single-use security code, you must have an authenticator application on your computer or your mobile device.
A security code has an identifier referred to as issuer name. The security code issuer name is used as an identifier of the Administration Server in the authenticator application. You can change the name of the security code issuer name. The security code issuer name has a default value that is the same as the name of the Administration Server. The issuer name is used as an identifier of the Administration Server in the authenticator application. If you change the security code issuer name, you must issue a new secret key and pass it to the authenticator application. A security code is single-use and valid for up to 90 seconds (the exact time may vary).
Any user for whom two-step verification is enabled can reissue his or her own secret key. When a user authenticates with the reissued secret key and uses it for logging in, Administration Server saves the new secret key for the user account. If the user enters the new secret key incorrectly, Administration Server does not save the new secret key and leaves the current secret key valid for the further authentication.
Any authentication software that supports the Time-based One-time Password algorithm (TOTP) can be used as an authenticator application, for example, Google Authenticator. In order to generate the security code, you must synchronize the time set in the authenticator application with the time set for Administration Server.
An authenticator application generates the security code as follows:
We highly recommend that you install an authenticator application on more than one device. Save the secret key (or QR code) and keep it in a safe place. This will help you to restore access to Administration Console or Kaspersky Security Center 13.1 Web Console in case you lose access to your mobile device.
To secure the usage of Kaspersky Security Center, you can enable two-step verification for your own account and enable two-step verification for all users.
You can exclude accounts from two-step verification. This can be necessary for service accounts that cannot receive a security code for authentication.
Two-step verification works according to the following rules:
If two-step verification is enabled for a user account on Kaspersky Security Center Administration Server version 13 or later, the user will not be able to log in to the Kaspersky Security Center 13.1 Web Console versions 12, 12.1 or 12.2.