cancel
Showing results for 
Search instead for 
Did you mean: 

2-factor authentication (2FA) on external websites

jhill
Level 3
We've just begun setting up processes to log into bank websites in order to retrieve account information (e.g., holdings, STIF balances, etc) and that project is moving along well.  We have developed an internal web service that will provide the necessary passwords when the robot gets to a logon prompt. However, several of our banks have just introduced (or are about to introduce) 2FA into their authentication model, so even if we know the password, we're still not getting in without the SecurID sequence.  Has anyone found a way to address this?    
4 REPLIES 4

AmiBarrett
Level 12
That would depend on how the 2FA is handled, I suppose. If it's an SMS message or phone app, and the phone is a droid (or an emulated droid), it should be pretty easy (and free) to leave it hooked up to a system in debug mode and have it send the keys someplace. Likewise, if there's a desktop app for your token, it should be fairly simple. If it's an e-mail, you should be able to have the bot parse the specific format and go from there. On the other hand, if the SecurID method relies on a key fob, you may need to get with the bank in question for an API (which is usually not free). The only other alternative to that would be to have a webcam over the fob 24/7 streaming to some secure site that the bot can OCR. Sorry for the shotgun blast of a post - just trying to think of all the RSA methods I've seen as of late.

kfinnegan_900
Level 2
You can make use the Symantec Web Service to create One Time Password every time the user ( Robot) attempts to access a Bank application.  The ( OTP) is the second factor. see: https://www.symantec.com/connect/pages/download-vip-authentication-serv…    

Hi Ami, we also have a provider who are looking to add 2fa to their portal. The only options they offer are to receive the code to a mobile device or a mobile app. Do you have any suggestions about how we might resolve this, e.g. receiving sms to a website etc?

------------------------------
Karl Broadway
PMO Manager
Credo Wealth
Europe/London
------------------------------

Hi

Some ideas which you may want to consider:

There is option on my phone to send and receive messages on computer. 
https://messages.google.com/web

Other option is maybe run an automation on the mobile device which will email the code

https://llamalab.com/automate/




------------------------------
Pritam Poojari
Solution Architect
Capgemini
Europe/London
------------------------------