Qualys Blog

www.qualys.com

QualysGuard adds VeriSign Identity Protection

Hi!  My name is Corey, I have a dog named Sparky, and I really like chocolate.   You now have everything you need to guess my password.

This isn’t a surprise, of course.  Over the last several years research has shown that passwords are often easily compromised:

One good solution to these password issues is to use two-factor authentication, where a user is required to both know something (i.e. your username and password) and have something (such as a generated code from a key fob).  Your debit card is a good example of this:  You need to both know your PIN code and have the physical card in order to access the bank account it protects.   Two-factor authentication has become more readily available over the last few years, and is now a capability that many security-oriented companies are actively pursuing.

Consequently, I’m thrilled to announce that Qualys is now making VeriSign Identity Protection (VIP) two-factor authentication available to all QualysGuard users at no charge, providing an additional layer of protection to keep your data secure.

Subscription Managers can require VIP for all accounts, or individuals can opt-in as desired.  Enabling it for an account is simple with just three steps:

  1. Obtain a credential from VeriSign.  Like QualysGuard, VeriSign VIP is a software-as-a-service offering with no server software to deploy or hardware to manage.  I prefer using their phone-based credential, but their toolbar is also a good choice (as are key fobs for those who like having a physical token); see the complete list of supported devices.
  2. Login to QualysGuard and edit your user settings.  Click “Advanced” and you’ll see the following under the “Options” tab:VIP Activation
  3. Click “Register Credential” and provide the codes requested.Credential Registration

You’re now ready to use VIP Authentication for logging in to QualysGuard.  You’ll still use your username and password (what you know) but will be prompted to provide the code from your credential (what you have) to complete the login process:

VIP Login

Don’t worry if you can’t access your token (who hasn’t left their phone on the kitchen table?); you can request a one-time password that will grant access within the next hour.

We’re excited to help lead the effort to replace passwords with better authentication methods, and look forward to hearing from you on how we can continue to improve our service.  In the meantime, feel free to take that chocolate bar without any guilt!

3 responses to “QualysGuard adds VeriSign Identity Protection”

  1. Hello Corey,

    I don’t have any smart mobile. I am trying to login QualysGuard.

    I installed Verisign VIP access for desktop on my laptop. How to get credential ID and security code for my QualysGuard login?

    Thanks

  2. TIP:  Security code 2 isn’t shown via the VIP app.  You’ll need to wait to enter the second security code shown in the app after the first times out (or just force the app to regenerate a new code.)

Leave a Reply