Multi-factor authentication (MFA), also known as two-factor authentication, is a security feature that requires two forms of authentication to access Barracuda Cloud Control. When enabled, MFA provides an extra layer of security to your account. Even if the user's login credentials are stolen, without the trusted device, the attacker is unable to access the account. And if the user's device is taken, the attacker cannot access the account without the login credentials.
Administrator-Enabled MFA
MFA is Optional by default, allowing the account administrator to determine whether to enable MFA through the Admin > Options page:
When enabled, all users associated with this account (or accounts that administer it) are required to log in using MFA.
Authentication
When MFA is enabled, users are sent an email to inform them that they are required to use MFA, including mobile device requirements and instructions on installing the Barracuda Cloud Control iOS app, the Google Authenticator, or Duo Mobile authentication tool. When the user attempts to log in, in addition to their login credentials, they are prompted to enter a secondary token in the Authentication Code field:
To access the secondary token, the user enters their login credentials, and then clicks Sign In. The user is then presented with the Secret Code and barcode on the Home > My Profile page:
The user can either copy the Secret Code and paste it into the Authentication Code field on the login screen, or using Barracuda iOS Mobile app, Google Authenticator, or Duo Mobile on a mobile device, scan the barcode presented on-screen. A one-time login token, also known as a time-based one-time password (ToTP), generates. The user enters the one-time generated ToTP in the Authentication Code field on the login screen, along with their login credentials, to access Barracuda Cloud Control. Because the ToTP regenerates every 30 seconds, the user must enter the code immediately. If the user enters an expired login token, authentication fails and the user must regenerate and enter a new ToTP.
User-Enabled MFA
When Multi-Factor Authentication is set to Optional, users can select whether to use MFA when logging into Barracuda Cloud Control using the settings on their Home > My Profile page, located under their username.
For more information, refer to Adding MFA Devices in Barracuda Cloud Control.