
Platform Deep Dive: Lost Device Support for 2FA

Life happens and sometimes users lose their registered devices. We’ve now made it simpler to request a 2FA reset.

As customers manage their pentests on the Cobalt platform, we make sure that there are defenses keeping their information secure. One such example is using 2FA to log into the platform. Users have the option to set up 2FA for their accounts, and organization owners can enforce 2FA setup for everyone within their team. 

But life happens, and sometimes users lose their registered devices. We’ve now made it simpler to request a 2FA reset. This blog post explains the process in more detail.

User loses their registered device

Prior to this update, users had to contact Cobalt staff to regain access to their account. This is no longer necessary; instead, they can follow the new account recovery flow:

  1. Sign in using email & password
  2. Click “Start account recovery process”


The user will get an identity verification email with a one-time passcode. Note that the code expires in 5 minutes.


Once the user submits the code, their organization owner will receive an email alert. 

Organization owner actions the alert

While this identity verification process is in place, we recommend that organization owners confirm internally with their colleague that they actually requested a 2FA reset – this out-of-band check acts as an extra layer of defense that strengthens overall security.

To action the request, the organization owner can disable 2FA by: 

  1. Logging into app.cobalt.io
  2. Visiting the People page 
  3. Clicking the meatball menu 
  4. Turning off 2FA for that specific user

User receives an update to their email

The user can now log in as though 2FA is not enabled. If their organization enforces 2FA, they will get a prompt to set it up with a new device before gaining further access to the Cobalt platform. 

With this adjustment, we make it easier for customers to manage 2FA independently, with no intervention required from Cobalt staff. The platform captures and logs all of these actions in case they need to be reviewed at a later time.
