January 10, 2019
Security Improvements with Two Factor Authentication
As a committed partner, our first priority is to protect MSPs and their clients. We recognize our responsibility to help safeguard businesses from the serious threats that face the community today.
We have been tracking recent stories in the news and working hard to provide best practices to take necessary precautions against these growing threats. MSPs and their end-users are being increasingly targeted by advanced threat actor groups known as APTs. Attacker tactics, techniques and procedures (TTPs) commonly involve using stolen login credentials to compromise MSPs and their end-users systems and data.
The Datto Partner Portal is the management platform that provides MSPs the ability to access all devices in their fleet, administer backups and restores, and much more. This incredibly powerful portal requires increased protection, which is why we are taking advanced protective measures to implement advanced authentication workflows for all accounts.
What Partners Can Expect
In January, an elective onboarding period will begin for several weeks, where partners (and end-users) will be prompted to enter a mobile phone number to enable two factor authentication (2FA). An option to bypass this prompt will be available for a short time, however we strongly recommend every partner enrolls as soon as possible.
Coming soon, 2FA will be required for every portal account. If end-users have access to the Datto Partner Portal, we highly recommend early communication around this improvement to educate them that together, we are strengthening the protection around critical business data. We aim to have 100% adoption in June of 2019.
Follow the Datto KB on Getting Started with 2FA.
Read more about our 2019 Security Considerations.
Datto RMM, Autotask PSA, Autotask Workplace, Autotask Endpoint Backup, and SaaS Protection are not included in this initial rollout, however it is on the roadmap. You don’t need to wait for the mandatory rollout. You can enable 2FA for those accounts today, using the links above.