SMS-Based Two-Factor Authentication
You may require that the credentials used for assessing your assets include two-factor authentication — that is, WhiteHat will initially supply a password or similar credential, and when that credential is approved the asset will request a second authentication factor in the form of a code that will be transmitted to the authorized user via SMS. Requiring that all logins use two-factor authentication is a basic way to improve general web security.
Once you have purchased SMS-based two-factor authentication for an asset, please contact WhiteHat Security Customer Success; we will then establish a phone number for that asset and configure the scanner for that asset and phone number.
Once an asset is set up for two-factor authentication, whenever WhiteHat logs in to assess the asset, we will first provide the first factor as described in the credentials for that asset.
The asset will accept or reject the initial factor; if it is rejected, the scan will end at that point. If the asset accepts the initial factor, it will request the second factor and will initiate sending the SMS code to the phone number defined for that asset.
The scanner will receive the SMS code via that phone number, and submit it. The asset will accept or reject the second factor, and if it accepts, the scan will continue from that point. (If the second factor is rejected, the scan will end at that point.)