i2Pass provides extra security protection for IBM i (Power i, iSeries, AS/400) applications by implementing two factor authentication. It works either with 5250 terminal session connections or with your own applications. For 5250 logon sessions, Release 2 of i2Pass lets you also control access based on the IP address for the terminal session.
Your passwords can be compromised when using Telnet and other products over the Internet. “Hackers” and “snoopers” can pick up your user profiles and passwords and then use them to access your IBM i.
i2Pass gives you additional protection by implementing a two factor authentication requirement for specific signon devices and users. This additional password, a randomly generated nine digit number, can only be used once. After it has been used, it can never be used again for a specific user profile, the additional password is permanently retired. This method allows you to access your system from a remote location for a legitimate purpose, but when someone tries to use that same authentication code over again, they are denied access.
The first time a user signs on after they have been registered, they will see this display
After entering the address (or addresses) that they want to use, a validation process will authenticate the address. Once completed, when a signon is in process, a second authentication code is automatically generated and emailed to the user and then requested to complete the signon process. When a code is sent by email, it must be used within a 15 minute window. After 15 minutes, it will expire and cannot be used.
While the second factor code is in transit, your signon process is suspended with the following screen contents showing on your display:
The two factor authentication can also be used from within your own applications. APIs (Application Program Interfaces) allow you to call our routines to generate the second authentication factor and email it to your user along with subsequent validation of the combination of user and secondary code.
An option in the software can be set to require that the user's password be re-entered when the 2FA code is entered. This may be needed to satisfy certain security requirements for some customers.
i2Pass can also be used to pre-generate a set of two factor authentication codes and produce them on a listing. These can then be used to establish a remote connection. As each code is used, it is retired. Additional codes can be generated as needed and new listings of pre-generated codes can be made. This will come in handy when a user does not have immediate access to instant email.
Release 2 adds the ability to control terminal access based on the IP address for the session. This is controlled on a user-by-user basis. If a registered users profile attempts to log on from an unauthorized IP address, they will be denied access.
i2Pass is licensed based on the serial number where the software is installed, the partition where the software is installed and the number of user profiles enrolled. Licenses are available for up to 25 users, from 26-100 users, from 101-200 users and an unlimited user license. When you install the software, at 25 user license is configured. Keep this in mind when testing. If you want to test at a higher user level, contact Kisco support for an authorization code at the higher level.
i2Pass is available for FREE 30 day trial.
Place your order here for a FREE trial of i2Pass.