Enhanced protection for your stored data – two-factor authentication
From today, Virtual Call Center users can take advantage of two-factor authentication when using our solution. This latest feature enhances the security of data stored in VCC’s client software programme by requiring, in addition to normal login authentication, a further login authentication procedure, using a password sent to a personal device, such as a mobile phone, ID card, or USB token.
With the increasingly widespread use of smart devices, two-factor authentication is becoming an ever more popular solution, since it inserts an additional authorisation step in the login process, thus minimising the risk of data abuse.
Data stored in the VCC client system is important and valuable to our customers in a number of ways. Databases can, for example, contain personal information whose storage is subject to strict legal and IT rules; alternatively, a comprehensive call centre customer or calling list can be its most important business advantage, and one which has to be protected from competitors.
As such, we operate a secure password policy in our system, in particular allowing the strength of passwords chosen by users to be set centrally. The newly introduced two-factor login procedure (which we anticipate will normally be used via a mobile phone) further enhances this security filter.
We have chosen the Google Authenticator application, which generates a code consisting of 6 digits which remains valid for 90 seconds after requested, to provide the technology required for this feature. When first logging in to a workstation, you are required to insert the generated string of numbers after your username and password. After logging in you can select a ‘Remember me for 30 days’ option, which will allow the version of the VCC client running on the workstation to operate without further two-factor identification for a period of 30 days (unless deactivated by the user before the end of this period). If an unauthorised person manages to access the mobile phone, or if the phone becomes faulty or an active Google account is deleted from it, a supervisor is able to modify the two-factor settings.
Two-factor authentication using a physical device will be particularly useful for call centre staff who are authorised to manage, export or import databases.
You can download Google Authenticator here:
Installation guide for Google Authenticator: