Published on 01 Sep 2021
Multi-factor Authentication (MFA) is a staple part of protecting your account and your data in the cloud. We’re happy to now offer this enhanced security feature to ExaVault customers.
To control project scope and offer a product as early as possible, we made two decisions about the initial release when we were getting started.
One of the first significant decisions we needed to make was which authentication methods we should initially support. Multi-factor authentication offers several options to allow users to secure their account. While we intend to scale MFA in the near future, we decided to start with a single method.
After a few assessment discussions looking at email, SMS, authenticators, and physical keys, we decided an authenticator would be the best point of entry. Using Time-based One-Time Passwords (TOTP) generated by an authenticator would make the feature accessible to a broad audience while effectively protecting accounts from any potential intrusion attempts.
While our engineering team was hard at work implementing a change to our authentication process to support TOTP, our product team was working on the workflow designs.
With our new Product Designer, Gisele, on board, the project had a clear vision to work with, and the feature fits naturally into our existing account settings interface.
Part of the design process was ensuring that the process would scale as we add additional authentication methods to the service. We also wanted to prepare for adding admin controls to enforce the process for all users.
Initially, we planned to remove admin controls from the first release due to the additional workflow complexities around how we handle users setting up their MFA once an admin has selected to enforce additional authentication. However, the MFA admin controls ended up being a last-minute surprise that we were able to support before reaching our planned release date.
We created a workflow during the authentication process that enabled us to set up MFA during log-in. This workflow gives admins the ability to require their users to log in with MFA. In this scenario, users are not allowed access to the account before setting up their MFA.
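The enforcement gate described above, as an added Python example that is not ExaVault's code: a password-only login never yields a session when an admin enforces MFA, and a TOTP secret is stored only after the user confirms a valid code. The state names, the `user` and `account` dictionaries and the function names are assumptions; the TOTP routine follows RFC 6238 with HMAC-SHA1.

```python
import base64, hashlib, hmac, struct

# Test secret from RFC 6238 Appendix B (ASCII "12345678901234567890"), base32-encoded.
RFC_TEST_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(secret_b32, at, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time `at`."""
    key = base64.b32decode(secret_b32)
    mac = hmac.new(key, struct.pack(">Q", int(at) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify(secret_b32, code, at, step=30, window=1):
    """Accept the current time step and +/- `window` steps of clock drift."""
    return any(hmac.compare_digest(totp(secret_b32, at + d * step, step), code)
               for d in range(-window, window + 1))

def login(user, account, password_ok, code, now):
    """Return the state after a login attempt; only 'SESSION' grants access."""
    if not password_ok:
        return "DENIED"
    if user.get("totp_secret"):                  # enrolled: second factor required
        if code is None:
            return "MFA_REQUIRED"
        return "SESSION" if verify(user["totp_secret"], code, now) else "DENIED"
    if account["enforce_mfa"]:                   # admin enforcement: enrol first
        return "ENROLL_REQUIRED"
    return "SESSION"                             # MFA optional and not set up

def complete_enrollment(user, pending_secret, code, now):
    """Persist the secret only once the user proves their authenticator works."""
    if not verify(pending_secret, code, now):
        return "ENROLL_REQUIRED"                 # no session, nothing stored
    user["totp_secret"] = pending_secret
    return "SESSION"

if __name__ == "__main__":
    # Constructed sample data: an unenrolled user on an account that enforces MFA.
    user, account, now = {"totp_secret": None}, {"enforce_mfa": True}, 59
    print(login(user, account, True, None, now))
    print(complete_enrollment(user, RFC_TEST_SECRET, totp(RFC_TEST_SECRET, now), now))
    print(login(user, account, True, totp(RFC_TEST_SECRET, now), now))
```

A production verifier would also record the last accepted time step per user so a code cannot be replayed within its validity window.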
Overall, developing multi-factor authentication for ExaVault ended up being a relatively smooth process. We kept to our schedule, including the bonus functionality that we intended to reserve for a later release. There’s still more we want to add to MFA, such as additional authentication methods. We’re currently working on adding SMS support to give more options on how to receive your codes. Adding MFA support to FTP is also on its way to offer even more thorough coverage to protect your account.
As always, your feedback helps us improve our feature functionality, and we’d like to hear from you. Reach out to us at email@example.com to connect with our product team. How are you using MFA? What would you like to see next?