We appreciate you taking the time to vote and add your suggestions to make our products awesome! Your request will be submitted to the community for review and inclusion into the backlog.

We recommend reviewing what is submitted before posting, in case your idea has already been submitted by another community member. If it has been submitted, vote for that existing feature request (by clicking the up arrow) to increase its opportunity of being added to Cireson solutions.

For more information around feature requests in the Cireson Community click here.

Enable 2 form factor authentication for Password Reset for Active Directory (AD)

A common customer requirement: currently have a requirement for Internet users to use 2 form authentication: 
  1. Secret Phrase\Question
  2. Token sent via SMS\Email
4 votes

Submitted · Last Updated


  • NIcholas_ScottNIcholas_Scott Customer IT Monkey ✭

    It would be great if there could be an option to use an authenticator app (like Google Authenticator).
    There's organizations where adding personal information in to AD may not be a possible and this hampers the usefulness of the product.

  • Adam_DzyackyAdam_Dzyacky Customer Contributor Monkey ✭✭✭✭✭

    NIST is no longer backing SMS based authentication:

    "If the out of band verification is to be made using an SMS message on a public mobile telephone network, the verifier SHALL verify that the pre-registered telephone number being used is actually associated with a mobile network and not with a VoIP (or other software-based) service. It then sends the SMS message to the pre-registered telephone number. Changing the pre-registered telephone number SHALL NOT be possible without two-factor authentication at the time of the change. OOB [Out of band verification] using SMS is deprecated, and will no longer be allowed in future releases of this guidance."


    With the above said, version 3's challenge/response couldn't come soon enough!

Sign In or Register to comment.