Kaspersky Security Center

About two-step verification for an account

May 3, 2024

ID 211333

Kaspersky Security Center Linux provides two-step verification for users of Kaspersky Security Center Web Console. When two-step verification is enabled for your own account, every time you log in to Kaspersky Security Center Web Console, you enter your user name, password, and an additional single-use security code. To receive a single-use security code, you must have an authenticator app on your computer or your mobile device.

A security code has an identifier referred to as the issuer name. The security code issuer name is used as an identifier of the Administration Server in the authenticator app. Its default value is the same as the name of the Administration Server, and you can change it. If you change the security code issuer name, you must issue a new secret key and pass it to the authenticator app. A security code is single-use and valid for up to 90 seconds (the exact time may vary).

Any user for whom two-step verification is enabled can reissue his or her own secret key. When a user authenticates with the reissued secret key and uses it for logging in, Administration Server saves the new secret key for the user account. If the user enters the new secret key incorrectly, Administration Server does not save the new secret key and leaves the current secret key valid for further authentication.

Any authentication software that supports the Time-based One-time Password algorithm (TOTP) can be used as an authenticator app, for example, Google Authenticator. In order to generate the security code, you must synchronize the time set in the authenticator app with the time set for Administration Server.

To check if Kaspersky Security Center Linux supports the authenticator app that you want to use, enable two-step verification for all users or for a particular user.

One of the steps asks you to specify the security code generated by the authenticator app. If the code is accepted, Kaspersky Security Center Linux supports the selected authenticator.

An authenticator app generates the security code as follows:

  1. Administration Server generates a special secret key and QR code.
  2. You pass the generated secret key or QR code to the authenticator app.
  3. The authenticator app generates a single-use security code that you pass to the authentication window of Administration Server.

We highly recommend that you install an authenticator app on more than one device. Save the secret key (or QR code) and keep it in a safe place. This will help you to restore access to Kaspersky Security Center Web Console in case you lose access to your mobile device.

To secure the usage of Kaspersky Security Center Linux, you can enable two-step verification for your own account and enable two-step verification for all users.

You can exclude accounts from two-step verification. This can be necessary for service accounts that cannot receive a security code for authentication.

Two-step verification works according to the following rules:

  • Only a user account that has the Modify object ACLs right in the General features: User permissions functional area can enable two-step verification for all users.
  • Only a user that enabled two-step verification for his or her own account can enable the option of two-step verification for all users.
  • Only a user that enabled two-step verification for his or her own account can exclude other user accounts from the list of two-step verification enabled for all users.
  • A user can enable two-step verification only for his or her own account.
  • A user account that has the Modify object ACLs right in the General features: User permissions functional area and is logged in to Kaspersky Security Center Web Console by using two-step verification can disable two-step verification:
      • for any other user, only if two-step verification for all users is disabled;
      • for a user excluded from the list of two-step verification that is enabled for all users.
  • Any user that logged in to Kaspersky Security Center Web Console by using two-step verification can reissue his or her own secret key.
  • You can enable the two-step verification for all users option for the Administration Server you are currently working with. If you enable this option on the Administration Server, you also enable this option for the user accounts of its virtual Administration Servers and do not enable two-step verification for the user accounts of the secondary Administration Servers.

See also:

Enabling two-step verification for your own account
