Month: October 2018

Two Factor Authentication Miva How To

How to Add Two Factor Authentication to Miva for Admin: The Fastest and Easiest Solution

Get Ready for Miva Merchant upgrade to 9.12

With the release of Miva Merchant 9.12, two-factor authentication will be required for admin accounts. Set it up now, before the release rolls out in the next few weeks.

Even if every admin already receives an email verification code at login, you will now be prompted for an additional login method via two-factor authentication.

In order to enable two-factor authentication on Miva, you will need to:

A) Log in to Miva and select the admin user
B) Check the box next to the Miva admin account
C) Select the TWO FACTOR AUTHENTICATION tab at the top of the accounts list
D) Select one of the two-factor methods below.


Two-factor authentication works like this: you log in to your account with your username and password, and are then presented with another screen where you enter a code, token or other second-factor credential in order to access the account.


Explanation of Two Factor Options:
(Descriptions below taken from within the Miva Admin)


1) Time-Based One-Time Password (TOTP)
(select this one to make it easier; it is the one we explain below)

Description:
A Time-Based One-Time Password (TOTP) is a temporary passcode generated by an algorithm. With the current time used as one of its factors in calculation, the algorithm can ensure that each generated passcode is unique. In order to use this form of two-factor authentication, you will need to download an application (usually on a mobile device, but also available on most desktop operating systems) that will generate a code and display it when you are signing in to your admin account. The process for signing in to the administrative interface is as follows:

  1. Sign in to the administrative interface with your normal username and password credentials
  2. When prompted, enter the One-Time Password generated via your TOTP application (e.g. Google Authenticator)


2) YubiCloud + Yubico OTP
(means you need a physical device plugged into your computer)

Description
Yubico OTP uses pre-configured YubiKeys to authenticate via the YubiCloud Authentication service. This method of two-factor authentication requires the use of a YubiKey that supports YubiCloud Authentication during sign in. A few benefits of using YubiCloud include requiring a device (the YubiKey) to be present during login and unique, secure 128-bit AES encrypted one-time passwords with counters to identify and prevent replay attacks. The process for signing in to the administrative interface is as follows:

  1. Sign in to the administrative interface with your normal username and password credentials
  2. When prompted, insert your YubiKey into your computer’s USB port
  3. Press the button on your YubiKey

This is a stronger, more secure solution: the AES key that produces the one-time passwords never leaves the YubiKey, so it cannot be copied off a compromised computer the way a TOTP secret kept in a phone app or browser extension can.
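The Miva description mentions that Yubico OTPs carry "counters to identify and prevent replay attacks". The following is an added example written for this page (not Yubico's or Miva's code) showing the server side of that check: splitting the 44-character OTP into public ID and ciphertext, decoding ModHex, then, on the 16-byte token the validation server obtains after AES-128 decryption, checking the CRC residue and requiring the (use counter, session counter) pair to be strictly greater than the last accepted pair for that key. The AES decryption step itself is not shown; `build_token` constructs the decrypted token directly as a stand-in, and the public ID, private ID and counter values are made up for the example.

```python
import hmac
import struct
from dataclasses import dataclass
from typing import Dict, Tuple

MODHEX = "cbdefghijklnrtuv"        # Yubico's keyboard-layout-independent hex alphabet
CRC_OK_RESIDUE = 0xF0B8            # CRC-16 over a valid 16-byte token always equals this


def yubico_crc16(data: bytes) -> int:
    """CRC-16 as used by the YubiKey: reflected polynomial 0x1021 (0x8408), init 0xFFFF, no final XOR."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            lsb = crc & 1
            crc >>= 1
            if lsb:
                crc ^= 0x8408
    return crc


def modhex_decode(text: str) -> bytes:
    if len(text) % 2 or any(ch not in MODHEX for ch in text):
        raise ValueError("not a ModHex string")
    return bytes((MODHEX.index(text[i]) << 4) | MODHEX.index(text[i + 1])
                 for i in range(0, len(text), 2))


def split_otp(otp: str) -> Tuple[bytes, bytes]:
    """A Yubico OTP = public ID (normally 12 ModHex chars) + 32 ModHex chars of AES-encrypted token."""
    if len(otp) <= 32:
        raise ValueError("OTP too short")
    return modhex_decode(otp[:-32]), modhex_decode(otp[-32:])


@dataclass
class Token:
    uid: bytes          # 6-byte private ID; must match the key enrolled under this public ID
    use_ctr: int        # 15-bit non-volatile counter, incremented each time the key powers up
    session_ctr: int    # 8-bit counter, incremented per button press within one session
    timestamp: int      # 24-bit 8 Hz timer; not used by the replay check below


def parse_token(plaintext: bytes) -> Token:
    """Decode the decrypted token; a wrong CRC residue means wrong AES key or a tampered OTP."""
    if len(plaintext) != 16:
        raise ValueError("token must be 16 bytes")
    if yubico_crc16(plaintext) != CRC_OK_RESIDUE:
        raise ValueError("CRC mismatch")
    use_ctr, tstp_lo, tstp_hi, session_ctr, _rnd, _crc = struct.unpack("<HHBBHH", plaintext[6:])
    return Token(plaintext[:6], use_ctr & 0x7FFF, session_ctr, tstp_lo | (tstp_hi << 16))  # bit 15 is the caps-lock flag


def validate(public_id: bytes, plaintext: bytes, registry: Dict[bytes, dict]) -> bool:
    """Validation-server logic: accept only if (use_ctr, session_ctr) is strictly greater than
    the last accepted pair for this key, then advance the stored pair."""
    enrolled = registry.get(public_id)
    if enrolled is None:
        return False
    try:
        tok = parse_token(plaintext)
    except ValueError:
        return False
    if not hmac.compare_digest(tok.uid, enrolled["uid"]):
        return False
    if (tok.use_ctr, tok.session_ctr) <= (enrolled["use_ctr"], enrolled["session_ctr"]):
        return False            # already seen or older than the last accepted OTP: replay
    enrolled["use_ctr"], enrolled["session_ctr"] = tok.use_ctr, tok.session_ctr
    return True


# --- constructed sample data for the example; not a real key -----------------------------
ENROLLED_PUBLIC_ID = "ccccccbcgujh"                # 12 ModHex chars -> 6 bytes
ENROLLED_UID = bytes.fromhex("8f1a2b3c4d5e")       # private ID programmed into the key


def new_registry() -> Dict[bytes, dict]:
    """Server state after enrollment: the counters of the first OTP seen at enrollment."""
    return {modhex_decode(ENROLLED_PUBLIC_ID): {"uid": ENROLLED_UID, "use_ctr": 4, "session_ctr": 0}}


def build_token(uid: bytes, use_ctr: int, session_ctr: int, tstp: int = 0x010203, rnd: int = 0x4242) -> bytes:
    """Stand-in for the AES-128-ECB decryption output (the AES step is not shown). Like the
    YubiKey, it stores the complement of the CRC over the first 14 bytes, little-endian."""
    body = uid + struct.pack("<HHBBH", use_ctr, tstp & 0xFFFF, tstp >> 16, session_ctr, rnd)
    return body + struct.pack("<H", (~yubico_crc16(body)) & 0xFFFF)
```

Note that the counter state has to be persisted per key on the server; if it is lost or reset, every OTP the key ever emitted becomes replayable until a fresh one moves the counters forward again.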


3) WebAuthn/U2F

Description
WebAuthn is a W3C standard that will allow for multiple forms of single-sign-on and two-factor authentication. Miva’s implementation of WebAuthn uses U2F Authentication, which is two-factor only, and will require the use of a FIDO/U2F certified device. Browser support for WebAuthn is currently very limited, and will require you to log in using only browsers that currently support the standard. The process for signing in to the administrative interface is as follows:

  1. Sign in to the administrative interface with your normal username and password credentials
  2. When prompted, provide your two-factor authentication credentials via the supported U2F device

———————————————————–

Read the Full Miva Article Here on How To Set Up Two Factor Authentication on Miva Merchant


RECOMMENDED SOLUTION TO GET STARTED FAST!

How to Add Two Factor Authentication to Miva for Admin Users: The Fastest and Easiest Solution

I am going to cover how to add the Google Authenticator extension to the Google Chrome browser so you can log in via TOTP
(Time-Based One-Time Password).

A) Log in to Miva and select the admin user
B) Check the box next to the Miva admin account you would like to add, and select the two-factor authentication tab at the top
C) Select Time-Based One-Time Password (TOTP)


The Miva documentation above references Google Authenticator for this setup but doesn’t explain how to use it. Here is one method below. You can also search for authenticator apps that run on your phone or other mobile device. You will need to open this extension each time you log in to Miva. One caveat: keeping the TOTP secret in a browser extension on the same computer you log in from weakens the second factor, because malware on that computer can read both your password and the TOTP secret. An app on your phone keeps the two factors on separate devices.


OTP (Google Authenticator) Setup and Configuration

Time-based One-Time Password, or TOTP, is the most popular method of two-factor authentication. It uses an app such as Google Authenticator (below) to generate a unique 6-digit code each time you log in.

Requirements: To use TOTP you’ll need an app such as Google Authenticator or Authy, or a browser plugin, to handle the TOTP flow.

Steps to setup in Miva

  1. Edit User and Select Manage Two-Factor Authentication
  2. Choose Time-Based One-Time Password from the Drop down

[Screenshot: Two-Factor Authentication configuration screen in the Miva admin]

On the next screen, scan the QR code, or type the text string shown below the QR code, into your Google Authenticator (or similar) app (how-to below). Then enter the 6-digit code the app generates into Miva and click Enable.

[Screenshot: QR code and text secret shown by the Miva admin]

Copy the text string shown below the QR code; you will paste it into the extension in the next section.

HOW TO INSTALL GOOGLE AUTHENTICATOR IN CHROME DESKTOP

1) Using Google Chrome, open a new tab or window and go to: https://chrome.google.com/webstore/detail/gauth-authenticator/ilgcnhelpchnceeipipijaljkblbcobl?hl=en

2) Download and install the extension.

3) Click the extension icon (a small G at the top of your browser); it opens the extension’s page, where you enter your token.

4) Click the PENCIL icon at the top right.

5) Click the ADD button at the bottom left.

6) Enter a name for this entry (the user or website it belongs to) so you can find it later.

7) Paste the token (the text string below the QR code) that you copied from the Miva admin page.

8) The extension now shows a 6-digit code. Go back to the Miva admin and enter that code in the field below the QR code and token. You could fall back on BACKUP TOKENS later to log in, but it is a better habit to use the GAuthenticator extension.

9) Select Enable.

10) You will now see a list of BACKUP CODES. Download them and store them in a safe place. I would print them and delete the file from the computer to be safe.

[Screenshot: backup codes shown after enabling two-factor authentication in Miva]

11) Select NEXT and CONGRATULATIONS!
 You are now set up with two-factor authentication!

Repeat this for each admin user on your site.

Sign In Instructions

  1. Sign in to the administrative interface with your normal username and password credentials
  2. When prompted, enter the One-Time Password generated via your TOTP application (e.g. Google Authenticator)
     With the Chrome extension, open GAuthenticator, click the entry you created to copy the current code, and enter that as the two-factor code.


If you are unsure of how to do this or it sounds too technical, please contact us. We offer this service via a screen share to help set this up on your browser at our hourly rate.

Yes, you will need to use Google Chrome, with the extension mentioned above, to log in to your admin each time, because the extension is where your code is generated.


Using a backup code

To use a backup code, click the “Use Backup Token” link below the two-factor prompt during login and enter one of your one-time-use codes:

[Screenshot: backup token entry during login]

Each backup token is single use; once it has been used it is no longer valid.

Note: There is no way to generate additional backup codes on their own. If you need more than the initial 10, you would need to disable two-factor for that user and re-enable it, which generates a new set of 10 codes (and invalidates the old ones).
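The backup-code behaviour described in this section (ten codes issued once, each usable exactly once, a new set only by regenerating everything) is simple to implement correctly, and the details matter when the login database leaks. The following is an added example written for this page, not Miva's implementation: codes come from the OS random generator using an alphabet without look-alike characters (they are meant to be printed, as step 10 above advises), the server keeps only salted PBKDF2 hashes so a dumped table does not hand out working codes, redemption compares every stored hash in constant time and burns the match, and `regenerate` mirrors the disable-and-re-enable cycle. Alphabet, code length and iteration count are my choices for the example.

```python
import hashlib
import hmac
import secrets
from typing import List, Set

ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789"   # no 0/o or 1/l/i: these get mistyped from paper
CODE_LEN = 10                                   # 31**10 is about 2**49.5 possibilities
PBKDF2_ROUNDS = 100_000                         # codes are short, so make offline guessing slow


def generate_codes(count: int = 10) -> List[str]:
    """Fresh codes from the OS CSPRNG. Shown to the user once; only hashes are stored."""
    return ["".join(secrets.choice(ALPHABET) for _ in range(CODE_LEN)) for _ in range(count)]


def format_code(code: str) -> str:
    """Display form such as 'abcde-fghjk', easier to read back from a printout."""
    return code[:5] + "-" + code[5:]


def normalize(submitted: str) -> str:
    """Accept what people actually type: upper case, spaces, hyphens."""
    return submitted.strip().lower().replace("-", "").replace(" ", "")


def hash_code(code: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", normalize(code).encode(), salt, PBKDF2_ROUNDS)


class BackupCodeStore:
    """Server-side record for one user: a salt plus the hash of every code not yet used."""

    def __init__(self, codes: List[str]):
        self.salt = secrets.token_bytes(16)
        self.unused: Set[bytes] = {hash_code(c, self.salt) for c in codes}

    def remaining(self) -> int:
        return len(self.unused)

    def redeem(self, submitted: str) -> bool:
        """Burn the code on success. Every stored hash is compared, so the time taken does
        not reveal whether, or where in the set, the submitted code matched."""
        candidate = hash_code(submitted, self.salt)
        matched = None
        for stored in self.unused:
            if hmac.compare_digest(stored, candidate):
                matched = stored
        if matched is None:
            return False
        self.unused.remove(matched)
        return True

    def regenerate(self) -> List[str]:
        """Equivalent of disabling and re-enabling two-factor: old codes stop working,
        ten new ones are issued and must be shown to the user now."""
        fresh = generate_codes()
        self.salt = secrets.token_bytes(16)
        self.unused = {hash_code(c, self.salt) for c in fresh}
        return fresh


if __name__ == "__main__":
    issued = generate_codes()
    store = BackupCodeStore(issued)
    print("Print these and keep them somewhere safe:")
    for code in issued:
        print("  ", format_code(code))
    print("first use accepted:", store.redeem(format_code(issued[0]).upper()))
    print("second use of the same code accepted:", store.redeem(issued[0]))
    print("codes remaining:", store.remaining())
```

A practitioner would also rate-limit the backup-token form: ten live codes out of 2^49 is a small target, but only if an attacker can try millions of guesses against the login page.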

Protect yourself from ransomware

PROTECT YOURSELF FROM RANSOMWARE, MALWARE AND VIRUSES. STEP BY STEP CHECKLIST FOR HOME OR BUSINESS

Ransomware, malware and viruses are on the rise. Hackers are getting smarter, with clever subject lines and phishing scams to get you to open that email. Be on the lookout! Recently there has been an email going around with the subject line “Your Account Has Been Hacked”, which sometimes includes an old password that you may once have used and never changed.

We take cybersecurity seriously and so should you.

How did they get your password in the first place? There are several methods. One is social engineering: the attacker watches your social media accounts and, with the help of software, guesses passwords built from what you post. Another is brute force: attacks aimed at one or more of your accounts, again using software that tries millions of password variations. Eventually they guess the password, because too many people do not use strong enough passwords and do not change them often enough. A phishing email is different: the attacker doesn’t need your password at all. They only need your email address (often readily available on social media) and a convincing enough message to get you to click. Once the link or attachment runs, they have a foothold on your computer and all the data it contains.

Did you know that most people do not change their passwords for at least 5 years? This is awful behavior. Couple this with reusing the same password across your social media and banking accounts, so that one leaked password opens all of them, and you are opening yourself up to some severe cyber pain.

Take action today to mitigate these risks!

Step 1: BACKUP EVERYTHING that is important on the computer(s). An external hard drive is excellent for this and can be found on Amazon or at your local Best Buy for less than $80.

Step 2: Check your computer(s) for viruses. Avast.Com is free, and other anti-virus programs offer free trials and scans. Other anti-virus programs are low cost and well worth the investment. Do a COMPLETE scan, not just the quick scan so you can get back to work. Schedule it at the end of the day: when you are about to leave the office or won’t need your computer for a while, set the scan to check everything!

Step 3: Download an anti-malware program like Malwarebytes.Com (free trial) and run a full scan.

Step 4: Download a rootkit scanner, also available from Malwarebytes. Rootkits are malware that hide themselves from the operating system and ordinary scans, so this is a separate check.

Step 5: Change your passwords on all accounts. Windows and Mac systems have a built-in on-screen keyboard; use it when you first change your passwords. If there is a basic keylogger on your computer, typing with the on-screen keyboard is one way to keep it from capturing the new passwords (the scans above should find the intruder, but you can never be too safe).

Also, enlist a PASSWORD MANAGER to save your passwords for you. This way you do not have to remember each different password.  This is the safest and most effective method to manage your multiple passwords. 

BE SURE THAT EACH PASSWORD IS DIFFERENT ON ALL ACCOUNTS.  Especially, do not use your banking passwords on any social media or email accounts.

Don’t just add a 1 or 2 or $ to the end of a password to make it different from another password.

Don’t use birthdays, pet names, favorite sports, bands, or anything that could be guessed based on information you provide publicly on social media.

Bad Password:  Ralph1972

Good Password:  A3#!g*9gC!

Step 6: Update everything, software, firmware, etc. Check your PRINTER FIRMWARE (yes, it needs to be updated – if it is on the network, it is vulnerable.) Update the ROUTER FIRMWARE (most routers will do this automatically, but some are older and need manual intervention.) Update the Operating System (Mac or PC) with the required patches.

Step 7: Backup Everything again once the updates and patches are applied and steps 1-6 are completed.

Step 8: Put into place a security protocol checklist at work or home explaining to your employees or family what to click on in email and what not to click on. You can even block websites via the router firewall. A part of this plan should include automatic backups to local external drives and to the cloud. Google Drive or Dropbox.com are good options for this, while larger companies will need a more robust backup solution; your IT company should have this in place for recovery. Run daily or real-time scans for malware and viruses.

Step 9: Add a hardware firewall. These days, computers and routers have built in software firewalls but adding the extra hardware firewall will give you another layer of protection.

Step 10: Shut off the router. If you can do so, turn off the router at night so that there is an extra layer of security. If hackers can’t reach the computers, they will move on to easier targets. Don’t be the easiest target.

We know life gets busy, but taking a little time to make sure that you and your business are as secure as possible will make for a better night’s sleep.

After Dark Grafx does not specialize in implementing the computer or software cleanup described above, but this is the general information that we supply to our clients. We do, however, fix hacked WordPress or Magento websites. We also specialize in web design, e-commerce, Shopify, Miva Merchant, web development, SEO, and app development. If you have questions as to whether we can assist you, please call us.

  • After Dark Grafx is not affiliated with or compensated for any of the software vendors or programs mentioned in this post.