4 Eyes principle or two man rule with privacyIDEA

emergency-stop-switch-778673_1280You are using two factor authentication to improve your security or to fullfill certain needs?

You may now take security to the next level as privacyIDEA will support a 4 eyes principle starting with version 2.6. We just pushed the implementation to the development branch.

Using this new meta token you can require two or more tokens or persons to perform an authentication process successfully. Thus you will have two persons each with two factors. You can use this feature to set up a two man rule as known from the U.S. Air Force. Well, we very much recommend that you do not launch nuclear missles and hope that privacyIDEA does not get involved here…

But the same feature can be used to set up the 4 eyes principle you need in certain business processes or fullfill requirement 3.6.6 of dual control by PCI DSS 3.1. In conjunction with the signed Audit log privacyIDEA can help you a lot in your financial workflows.

You may read more about the 4 eyes token in the online documentation.