Protecting username/password access to online services such as banks, financial services (e.g. PayPal) and major sites like Apple and Google, increasingly relies on entry of an on request 6 digit code or 'token'. This is known as two-factor authentication or 2FA.
2FA codes are generated dynamically and provided on a separate device: e.g. a card reader, via a mobile phone text message, using a special one-time password (OTP) device, or more recently, via a mobile phone app. The latter has several advantages: apps can be used globally, they are free and work via WiFi even if there is no mobile phone signal, and apps like Google Authenticator and Authy are well established with millions of users.
Our Webdoxx online PDF security services can now provide 2FA on a user-by-user basis or usergroup basis. When a user is selected for 2FA via our User Management facility the first time they login they will be asked to use an authenticator app to scan a QR code, as illustrated below:
Using a suitable free authentication app, the QR code is scanned and a 6-digit token made available which is then changed by the app every 30 seconds. Entering the token then allows access by that person.
Next time they login with their username and password there is no QR code displayed, just a request for a current 6-digit code, so only that user with that second device has access to the service. This kind of extra protection augments a range of other protective measures that we provide, including cookie-based checks, session concurrency checks, IPAddress tracking and more.
For more details on 2FA and access security questions, please contact us
Security and Email link re-writing
Individuals and corporates are rightly becoming ever more concerned about the security risks associated with incoming emails - particular with file attachments and disguised links to external websites. Hopefully this email newsletter and the links within it will be received by you without being automatically amended!
To minimize risks many email systems include a wide range of security facilities, now sometimes including link re-writing (e.g. see https://www.proofpoint.com/ and https://www.barracuda.com/). This changes links in received emails and re-directs them to a separate facility to check if the links appear to be genuine and safe. Whether or not your email service provides such link re-writing and other forms of protection, it is a good idea if you are using a PC or Mac to let your cursor hover over any link or button to see where it really points to!
Any amended links may work when clicked but also may fail to work when used for direct file downloads or auto-logins to remote servers. A useful article discussing the issue can be found here: https://www.avanan.com/blog/url-defense-link-rewrites
Javelin3 Secure PDF reader updates for Apple Mac and Android
Apple Mac: There are several important updates to our free Javelin3 PDF reader for Mac computers - this new release (v3.1) is for OSX 10.13 and later versions only - the previous versions of Javelin3 and Javelinm remain available for earlier versions of OSX - items marked with a * below have been implemented for these earlier versions of Javelin3:
a new File menu item, Save, has been added to enable mark-up and notes to be saved prior to exit-ing the current document. This adds a level of protection for users making many annotations to the secure PDFs they are reading
the Notes facility has been improved by making it more like the facility provided in the Preview application on Mac computers
mark-up has also been improved for PDF files where the page crop size differs from the page size
an error in the print handling has been fixed - this only affects large secured documents (1000+ pages) where printing has been enabled and subsets of pages (e.g. single pages) require printing
branded versions of the Mac Javelin3 reader can now be provided - please contact us us for more details
last page remember - as with Javelin3 on other platforms, the new Mac version remembers the last page viewed and re-opens documents at the appropriate page
Android: Google's latest update to Android10 has made a significant change to where files can be written. The existing Javelin3 folder location is no longer permitted under this update, so new versions of Javelin3 for Android and selected branded apps based on Javelin3 have been produced and made available on the Google Play appstore.