
Multifactor Authentication

VINCE accounts require multifactor authentication for obvious security reasons. This requirement is part of the reason we recommend that each user has their own individual account, as opposed to a shared team account, as the team would have to securely share the MFA token as well.

VINCE currently offers a choice of authentication options:

...

VINCE previously allowed users to perform multifactor authentication with Short Message Service (SMS) text messages. However, since November 8, 2023, the SMS option has been disabled, and all multifactor authentication must be performed using time-based one-time passwords (TOTP). TOTP requires access to a third-party application, such as Google Authenticator, Duo, or LastPass Authenticator.

...

Using TOTP

  1. Select "TOTP"
  2. A QR code will be generated that can be scanned using the authentication application of your choice.
  3. Enter the temporary password generated by the application.
  4. (Optional) Give your device a friendly name.

    TOTP Token to link app to VINCE for authentication

  5. You will receive two forms of confirmation that TOTP multifactor authentication has been successfully enabled on your account:
    1. A green banner on the web page indicating success and displaying your User Profile (see below), and
    2. An email message confirming your MFA was successfully enabled.

Using SMS

...



...

Authentication reset requests

MFA Reset Requests

If a user needs to reset their MFA because of a lost or new device, please use the MFA reset process. The user must first log in using their name and password. When the MFA prompt appears, click the "Troubleshoot MFA" link and follow the instructions on resetting the MFA. Note that if a password reset is required, this must be completed prior to any request to reset MFA.

The user will be required to provide a reason for the reset.

Upon completing the form, follow the instructions in the email sent to the user. A VINCE analyst will receive the request and will reset the MFA within 1-3 business days.

Once the VINCE analyst has reset the MFA, the user will receive an automated email that their MFA has been reset. Upon logging in to VINCE, the user will be prompted to select a new MFA method.

...

Password Recovery

If a user needs to recover their password, they can use the VINCE password recovery feature. This can be accessed by clicking "Forgot your password?" on the login page or clicking the previous link. CERT/CC analysts will review these requests and may reach out to you for confirmation or validation of the request.

...

If you forgot your password, you can reset your password. If you lost your multi-factor authentication (MFA) device, you will need to contact us at +1 412-268-5800 or cert@cert.org to reset your account.


...