2.9 Configuring 2FA Attributes
This section covers some key attributes of the second factor of authentication (re-authorization). The maximum number of times a user may hit the "Resend" button after an OTP is generated, or the pool of security questions, are examples of 2FA attributes.

These attributes are stored in the database in the PROP_ID column of the table DIGX_FW_CONFIG_ALL_B (CATEGORY_ID = 'authenticationConfig'). The following table lists all possible attributes and their significance. Their values must be set in the column PROP_VALUE.
Table DIGX_FW_CONFIG_ALL_B (CATEGORY_ID = 'authenticationConfig')

| PROP_ID | SIGNIFICANCE |
|---|---|
| OTP.EXPIRATION_TIME | Time in milliseconds after which an OTP will expire. |
| OTP.MAX_NO_ATTEMPTS | Maximum number of unsuccessful attempts at entering a valid OTP, after which all 2FA-enabled transactions for the user are locked for the "cooling period". |
| T_SOFT_TOKEN.EXPIRATION_TIME | Time in milliseconds after which a time-based soft token will expire. |
| R_SOFT_TOKEN.EXPIRATION_TIME | Time in milliseconds after which a random soft token will expire. |
| SEC_QUE.EXPIRATION_TIME | Time in milliseconds after which answers to the security questions presented to the user will no longer be considered for re-authorization. |
| EXPIRATION_TIME | Time in milliseconds after which the re-authorization factor will expire. This is the default property, looked up when a factor-specific expiration time is not maintained. |
| T_SOFT_TOKEN.MAX_NO_ATTEMPTS | Maximum number of unsuccessful attempts at entering a valid time-based soft token, after which all 2FA-enabled transactions for the user are locked for the "cooling period". |
| R_SOFT_TOKEN.MAX_NO_ATTEMPTS | Maximum number of unsuccessful attempts at entering a valid random soft token, after which all 2FA-enabled transactions for the user are locked for the "cooling period". |
| SEC_QUE.MAX_NO_ATTEMPTS | Maximum number of unsuccessful attempts at entering valid answers to the security questions, after which all 2FA-enabled transactions for the user are locked for the "cooling period". |
| MAX_NO_ATTEMPTS | Maximum number of unsuccessful attempts at entering a valid second factor, after which all 2FA-enabled transactions for the user are locked for the "cooling period". This is the default property, looked up when a factor-specific maximum number of attempts is not maintained. |
| TFA_LOCK_COOLING_PERIOD | Cooling period in milliseconds after which 2FA transactions that were locked out for exceeding MAX_NO_ATTEMPTS are enabled once again. |
| OTP.MAX_ACTIVE_REF_NO | Maximum number of 2FA reference numbers that can be generated for a transaction, after which no more can be generated for EXPIRATION_TIME of that factor. Specific to OTPs. This property is a basic mechanism to protect the application against DoS, where an end user keeps generating OTPs by initiating transactions and making the system generate the second factor without ever completing the transaction. |
| T_SOFT_TOKEN.MAX_ACTIVE_REF_NO | Maximum number of 2FA reference numbers that can be generated for a transaction, after which no more can be generated for EXPIRATION_TIME of that factor. Specific to time-based soft tokens. |
| R_SOFT_TOKEN.MAX_ACTIVE_REF_NO | Maximum number of 2FA reference numbers that can be generated for a transaction, after which no more can be generated for EXPIRATION_TIME of that factor. Specific to random soft tokens. |
| SEC_QUE.MAX_ACTIVE_REF_NO | Maximum number of 2FA reference numbers that can be generated for a transaction, after which no more can be generated for EXPIRATION_TIME of that factor. Specific to security questions. |
| MAX_ACTIVE_REF_NO | Maximum number of 2FA reference numbers that can be generated for a transaction, after which no more can be generated for EXPIRATION_TIME of that factor. This is the default property, looked up when a factor-specific maximum number of active reference numbers is not maintained. |
| OTP.RESEND_COUNT | Maximum number of times a user can hit the "Resend" button for OTPs. Once this count is exceeded, the user must re-initiate the transaction. |
| retailuser.NO_QUE_ANS | Number of security questions a retail user must set up (answer). During an actual transaction the user is asked a subset of these questions. |
| corporateuser.NO_QUE_ANS | Number of security questions a corporate user must set up (answer). During an actual transaction the user is asked a subset of these questions. |
| administrator.NO_QUE_ANS | Number of security questions an admin user must set up (answer). During an actual transaction the user is asked a subset of these questions. |
| NO_QUE_ANS | Number of security questions a user segment must set up (answer). During an actual transaction the user is asked a subset of these questions. This is the default property, looked up when a segment-specific NO_QUE_ANS is not maintained. |
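The fallback rule the table describes (a prefixed PROP_ID such as OTP.MAX_NO_ATTEMPTS wins, the unprefixed PROP_ID is the default) is shown below as an added example that is not part of the OBDX documentation; the rows are constructed sample data standing in for a query of DIGX_FW_CONFIG_ALL_B, and the audit helper is a hypothetical check for factors left without any limit at all.

```python
# Added example (not OBDX code): resolve effective 2FA attributes from rows of
# DIGX_FW_CONFIG_ALL_B (CATEGORY_ID = 'authenticationConfig') using the fallback
# the table describes: prefixed key (OTP.MAX_NO_ATTEMPTS) first, then the default.

# Constructed sample rows: (PROP_ID, PROP_VALUE) as read from the table.
SAMPLE_ROWS = [
    ("EXPIRATION_TIME", "300000"),           # default for any factor: 5 min
    ("MAX_NO_ATTEMPTS", "5"),
    ("MAX_ACTIVE_REF_NO", "3"),
    ("TFA_LOCK_COOLING_PERIOD", "1800000"),  # 30 min
    ("OTP.EXPIRATION_TIME", "120000"),       # OTP-specific override: 2 min
    ("OTP.MAX_NO_ATTEMPTS", "3"),
    ("OTP.RESEND_COUNT", "2"),
    ("SEC_QUE.EXPIRATION_TIME", "600000"),
    ("retailuser.NO_QUE_ANS", "5"),
    ("NO_QUE_ANS", "3"),
]

FACTORS = ("OTP", "T_SOFT_TOKEN", "R_SOFT_TOKEN", "SEC_QUE")
PER_FACTOR = ("EXPIRATION_TIME", "MAX_NO_ATTEMPTS", "MAX_ACTIVE_REF_NO")

def load_config(rows):
    """Map PROP_ID -> PROP_VALUE for the authenticationConfig category."""
    return {prop_id: value for prop_id, value in rows}

def resolve(config, prefix, attribute):
    """Prefix-specific key first, unprefixed default second, None if neither is set.
    Works for factor prefixes (OTP, SEC_QUE, ...) and for the user-segment
    prefixes of NO_QUE_ANS (retailuser, corporateuser, administrator)."""
    for key in (f"{prefix}.{attribute}", attribute):
        if key in config:
            return int(config[key])
    return None

def effective_settings(config, factor):
    """The values that apply to one factor once the fallback is resolved."""
    return {attr: resolve(config, factor, attr) for attr in PER_FACTOR}

def audit(config):
    """Attributes with no value at all: neither a specific row nor a default row."""
    findings = []
    for factor in FACTORS:
        for attr in PER_FACTOR:
            if resolve(config, factor, attr) is None:
                findings.append(f"{factor}: neither {factor}.{attr} nor {attr} maintained")
    if "TFA_LOCK_COOLING_PERIOD" not in config:
        findings.append("TFA_LOCK_COOLING_PERIOD not maintained")
    return findings
```

All values are read as milliseconds or counts exactly as stored, so a row that is missing shows up in `audit` rather than silently resolving to an unlimited factor.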