Kaspersky Security Center 14

About two-step verification

February 19, 2024

ID 211797

When two-step verification is enabled for an account, a single-use security code is required, in addition to the user name and password, to log in to Administration Console or Kaspersky Security Center Web Console. With domain authentication enabled, the user only needs to enter the single-use security code.

To use two-step verification, install an authenticator application that generates single-use security codes on your mobile device or computer. You can use any application that supports the Time-based One-time Password algorithm (TOTP), such as:

  • Google Authenticator
  • Microsoft Authenticator
  • Bitrix24 OTP
  • Yandex Key
  • Avanpost Authenticator
  • Aladdin 2FA

To check if Kaspersky Security Center supports the authenticator application that you want to use, enable two-step verification for all users or for a particular user.

One of the steps prompts you to enter the security code generated by the authenticator application. If the code is accepted, Kaspersky Security Center supports the selected authenticator.

We highly recommend that you install an authenticator application on more than one device. Save the secret key or QR code and keep it in a safe place. This will help you to restore access to Kaspersky Security Center Web Console in case you lose access to your mobile device.

To secure the usage of Kaspersky Security Center, you can enable two-step verification for your own account and enable two-step verification for all users.

You can exclude accounts from two-step verification. This can be necessary for service accounts that cannot receive a security code for authentication.

Rules and Limitations

To be able to activate two-step verification for all users and deactivate two-step verification for particular users:

  • Ensure your account has the Modify object ACLs right in the General features: User permissions functional area.
  • Enable two-step verification for your account.

To be able to deactivate two-step verification for all users:

  • Ensure your account has the Modify object ACLs right in the General features: User permissions functional area.
  • Log in to Kaspersky Security Center Web Console by using two-step verification.

If two-step verification is enabled for a user account on Kaspersky Security Center Administration Server version 13 or later, the user will not be able to log in to the Kaspersky Security Center Web Console versions 12, 12.1 or 12.2.

Reissuing the secret key

Any user can reissue the secret key used for two-step verification. When a user logs in to the Administration Server with the reissued secret key, the new secret key is saved for the user account. If the user enters the new secret key incorrectly, the new secret key is not saved, and the current secret key remains valid.

A security code has an identifier referred to as the issuer name. The security code issuer name is used as an identifier of the Administration Server in the authenticator application. By default, the security code issuer name is the same as the name of the Administration Server. You can change the security code issuer name. If you change the security code issuer name, you must issue a new secret key and pass it to the authenticator application.
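The TOTP mechanism and the issuer name described above, as an added example (not Kaspersky code): it derives RFC 6238 security codes from a shared secret key, checks a submitted code with a one-step clock-drift window, and builds the otpauth:// URI that authenticator applications conventionally read from a QR code. The SHA-1, 6-digit, 30-second parameters, the drift window, the URI format, and the names KSC-SRV01 and admin are assumptions; the page does not state which parameters Kaspersky Security Center uses.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import quote, urlencode

# Constructed sample secret: the RFC 4226/6238 test key "12345678901234567890" in Base32.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, at=None, step=30, digits=6):
    """Return the RFC 6238 code (HMAC-SHA-1) valid at Unix time `at`."""
    key = base64.b32decode(secret_b32.upper() + "=" * (-len(secret_b32) % 8))
    counter = int((time.time() if at is None else at) // step)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, code, at=None, window=1, step=30):
    """Accept a code from `window` time steps either side of `at` (clock drift)."""
    now = time.time() if at is None else at
    return any(
        hmac.compare_digest(totp(secret_b32, now + i * step, step), code)
        for i in range(-window, window + 1)
    )


def provisioning_uri(secret_b32, account, issuer):
    """Build the otpauth:// URI; the issuer labels the server in the app."""
    label = quote(issuer) + ":" + quote(account)
    query = urlencode({"secret": secret_b32, "issuer": issuer}, quote_via=quote)
    return f"otpauth://totp/{label}?{query}"


if __name__ == "__main__":
    # Any device enrolled with the same secret key shows the same code,
    # which is why a saved secret key or QR code restores access.
    print("code at t=59:", totp(SAMPLE_SECRET, at=59))
    print("accepted 30 s late:", verify(SAMPLE_SECRET, "287082", at=89))
    print("accepted 60 s late:", verify(SAMPLE_SECRET, "287082", at=119))
    # Hypothetical server and account names, used only for illustration.
    print(provisioning_uri(SAMPLE_SECRET, "admin", "KSC-SRV01"))
```

The issuer appears both in the label and as a parameter of the URI, so the entry stored in the authenticator application is tied to the issuer name it was enrolled with.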

See also:

Excluding accounts from two-step verification
