Introducing Hardware-Based Multi-Factor Authentication For Login (MFA / 2FA)

A new and exciting feature we have been working on for some time has been released over the bank holiday weekend.

Ruby Datum now benefits from a new multi-factor authentication method, hardware-based keys. This is the first for Virtual Data Rooms and paves the way for many other technology providers looking to step up their game and pursue the future of login. The technology came onto our radar a while ago, however browsers have taken some time to properly implement it.

How your screen may look when you try to login with multi-factor authentication

What is hardware-based MFA?

Simply put, this allows you to login (in addition to using a password) using a security key. We currently recommend YubiKey or Google Titan as they’re the dominant players in the market, however with time we do anticipate many others to step into the arena. Many of these keys will work by using your computer’s USB port or by tapping on the back of your phone (the same key can be used for both in many cases). All compatible FIDO2 keys are supported, including Deepnet SafeID.

Can I use my phone’s face recognition or laptop fingerprint reader?

Yes, we’ve included support for both of these.

Please bear in mind that you will need to be logged into both devices to add the new login methods (or just keep them deactivated to begin with) or you won’t be able to log into one of them (as the recognition will just be registered to one device only – we can help you with this if you get stuck but our system should guide you through).

Why is MFA beneficial to me?

Passwords are not good enough. Depending on your settings, we enforce various degrees of complexity against passwords. We also scan public breach lists against passwords which have been leaked online, informing users. This still does not protect user’s from being careless, which is often the weakest entry point of any system when it comes to security. It was a weak password from just one employee at Dropbox which led to over 68 million passwords being stolen, for example.

By using a second method to login, the risk is mitigated. Hardware keys are proven to be the most reliable of login methods, especially when bio-metrics are involved such as fingerprint readers.

You may have been sent a code by SMS before, or received an email to click a link before you’re able to login, however these are unreliable and make it much easier for hackers to compromise a system (it was an SMS sim-swap attack that led to Twitter’s CEO having his account being compromised recently.)

Do you only support hardware keys? What about other methods?

We also support Google Authenticator and Email as login methods. Google Authenticator is secure and reliable, however email is something we do not recommend as it is easily compromised.

We cannot stress enough however, it is better to have at least one multi-factor method installed on your site, rather than none at all.

What browsers can support hardware keys?

Edge, Firefox, Chrome, Opera, Safari and most mobile phone browsers. Just make sure your browser is up-to-date.

Please note that Internet Explorer 11 is NOT supported. You will see a notice informing you that you are using an old and incompatible browser.

How do I benefit from this new way of logging in?

From your settings page, go to “Manage Login Methods”. From here, you will be able to additional ways to verify your login.

Over the coming weeks, we will also be adding in a way for administrators of sites to enforce multi-factor login and we’ll also be adding additional methods such as Authly.