Secure webmail access thanks to Zarafa YubiKey two-factor authentication integration
Date: Thu, 09/27/2012 - 12:54
Zarafa, the leading European provider of open source groupware and collaboration software, announced its two-factor authentication integration to facilitate simple and secure Zarafa webmail access
The integration is based on the YubiKey®, the flagship product of Yubico, which combines driverless USB hardware with open source software. Next to the default user name and password in the login screen of your Zarafa webmail, the YubiKey calculates a one-time password (OTP) which can’t be copied or illegitimately re-used.
The YubiKey is a cheap hardware authentication token that looks like a small USB memory stick. By touching the integrated button, the YubiKey sends a time-variant, secure login code as if it was typed in from a keyboard. The unique passcode is verified by a YubiKey compliant web service or software application. It identifies itself as a standard keyboard which allows it to be used on all platforms and browsers without the need for client software. The process of logging in with a OTP token is simplified. Manually typing of long passcodes from a display is reduced to pushing a button while maintaining the high level of passcode strength.
Security has always been high on Zarafa’s agenda. The Zarafa Collaboration Platform (ZCP) is the only open source groupware solution which is fully compatible with the German SiMKo 2 standard from the Federal Office for Information Security (BSI). ZCP 6.30 and higher is tested and certified with the SimKo2 phones of the German Telekom. In addition, Zarafa’s latest 7.1 version offers an option to restrict the permissions of system administrators. The access to mailbox data is restricted which enforces the privacy of the system. In combination with auditing features, it provides an extra level of security against unwanted access.