From Our RouteOne Security Team:
RouteOne Multi-Factor Authentication
RouteOne offers our dealer customers the complimentary security feature Multi-Factor Authentication, also called Machine Authentication, to help dealerships protect their data against theft and corruption. With Multi-Factor Authentication, your user ID and password are required for login. In addition, you can only log in from machines that you have previously registered or authenticated. As a result, if a user ID and password are compromised, the attacker would also have to log in from a machine registered, or authenticated, to that user ID.
Ease of Use
Multi-Factor Authentication is easy to use and requires a few additional steps on the user's part. There is a one-time enrollment for each user, followed by a simple registration process when a user first uses an unauthenticated machine.
When your dealership first implements Multi-Factor Authentication, everyone at the dealership with a RouteOne User ID will need to enroll. Enrollment begins with the user confirming/updating his or her preferred email address and providing answers to three challenge questions.
When the user logs into RouteOne on a new machine, they will be required to verify their identity by correctly answering one of their three challenge questions. The user will then receive an email with a password or TOKEN CODE. The registration process for the unauthenticated machine is completed by entering the TOKEN CODE when prompted in the RouteOne system.
There are no additional steps when a user logs in to an authenticated machine.
Here’s an example of how Multi-Factor Authentication can help your dealership protect its data against theft and corruption.
Joe Smith is a salesman at your dealership, which uses Multi-Factor Authentication. The machine at Joe’s desk is authenticated for Joe’s RouteOne user ID. An attacker, posing as a customer, comes to your dealership. He observes Joe entering his RouteOne user ID and password. The attacker returns to his house and attempts to log in to RouteOne using Joe’s user ID and password.
Multi-Factor Authentication starts the registration process for the new machine. The attacker cannot complete the registration process, even if he or she can answer one of Joe’s challenge questions because the email with the TOKEN CODE will be sent to Joe’s preferred email address. When Joe receives the TOKEN CODE via email, he should immediately realize that his user ID and password have been compromised, change his password, and notify his Dealership System Administrator (DSA) of the incident. In the end, even though the attacker got Joe’s RouteOne user ID and password, none of your dealership’s information in the RouteOne system was compromised.
Using Multi-Factor Authentication can make access to the RouteOne System with a compromised user ID and password difficult, helping your dealership protect its data against theft and corruption.
Take a few moments to learn more about our Multi-Factor Authentication in the News/Info section of your RouteOne platform. You can also listen to our past compliance webinars and browse through other compliance blog posts.
Questions? Contact your RouteOne Business Development Manager.