+14
Under Review

Two Factor Authentication on Join

Loyd Smith 4 years ago updated by CJTech 9 months ago 8

For PCI compliance it would be really nice to be able to ask for a GoogleAuth token upon connection to the client's machine. Currently we have to lock the user's computer and enter a password to login. This is a poor workaround as if someone were to hack our LabTech environment, they would have all these passwords anyway. It seems like it would be very simple to add a second GoogleAuth challenge each time you make a remote connection to a computer. This should work in all ConnectWise environments where you can launch a ScreenConnect session: ConnectWise, LabTech and ScreenConnect.

Available in Version:

This is definitely a PCI requirement and we will have to abandon ScreenConnect if it cannot be implemented.

There is a Webinar by RSPA coming up that it would be very good for someone from ConnectWise Control to go to in order to understand what we are up against with PCI compliance rules for remote control software. A link to register for this is below.


https://register.gotowebinar.com/register/1227497369840000770


We use Vigilix (the partner in the upcoming RSPA webinar) for some of our sites in addition to primarily using ConnectWise Control. They do 2-factor auth the way we want Control to do it and unfortunately we may have to move all of our sites over to Vigilix if Control doesn't implement this soon.

We switched from Vigilix to ConnectWise Control because of the integration to other ConnectWise products, but if Control is not fixed to actually be PCI compliant (even though they have a statement saying they are, but they are not correct), then we will need to switch our business away from ConnectWise to a provider that is current with PCI requirements.

I agree; this would be a very valuable feature.

I seriously wish this would be addressed. the workaround I have in place is very cumbersome and frankly a PITA, and would make it more secure in general, not just in PCI

any movement on this? 

This feature would be very beneficial and help with compliance.