From Our RouteOne Security Team:
RouteOne Multi-Factor Authentication
RouteOne is implementing for our dealer customers the complimentary security feature Multi-Factor Authentication, also referred to as Machine Authentication, to help dealerships protect their data against theft and corruption. With Multi-Factor Authentication, your user ID and password are required for login. In addition, you can only log in from machines that you have previously registered, or authenticated. As a result, in the event a user ID and password are compromised, the attacker would also have to log in from a machine registered, or authenticated, to that user ID.
Ease of Use
Multi-Factor Authentication is easy to use and requires few additional steps on the part of the user. There is a one-time enrollment for each user, followed by a simple registration process when a user first uses an unauthenticated machine.
When your dealership first implements Multi-Factor Authentication, everyone at the dealership with a RouteOne User ID will need to enroll. Enrollment begins with the user confirming/updating his or her preferred email address and providing answers to three challenge questions.
When the user logs into RouteOne on a new machine, they will be required to verify their identity by correctly answering one of their three challenge questions. The user will then receive an email with a password or TOKEN CODE. The registration process for the unauthenticated machine is completed by entering the TOKEN CODE when prompted in the RouteOne system.
When a user logs in to an authenticated machine, there are no additional steps.
Here’s an example of how Multi-Factor Authentication can help your dealership protect its data against theft and corruption.
Joe Smith is a salesman at your dealership, which uses Multi-Factor Authentication. The machine at Joe’s desk is authenticated for Joe’s RouteOne user ID. An attacker, posing as a customer, comes to your dealership. He observes Joe entering his RouteOne user ID and password. The attacker goes back to his house and attempts to log in to RouteOne using Joe’s user ID and password.
Multi-Factor Authentication starts the registration process for the new machine. The attacker will be unable to complete the registration process, even if he or she is able to answer one of Joe’s challenge questions because the email with the TOKEN CODE will be sent to Joe’s preferred email address. When Joe receives the TOKEN CODE via email, he should immediately realize that his user ID and password have been compromised, change his password, and notify his Dealership System Administrator (DSA) of the incident. In the end, even though the attacker was able to get Joe’s RouteOne user ID and password, none of your dealership’s information in the RouteOne system was compromised.
Using Multi-Factor Authentication can make access to the RouteOne System with a compromised user ID and password difficult, helping your dealership protect its data against theft and corruption.
Take a few moments to learn more about our Multi-Factor Authentication and additional RouteOne security features here. You can also listen to our past compliance webinars, browse through other compliance blog posts.
Questions? Contact your RouteOne Business Development Manager.