Unitec has released a new software version (1.76.1) for Sierra-based products. For all new units shipped from our manufacturing facility, Multi-Factor Authentication (MFA) has been enabled.
What is MFA?
Multi-Factor Authentication is a PCI-mandated inclusion that increases the security of your credit processing environment. MFA is a method of computer access control in which a user is only granted access after successfully presenting multiple, separate pieces of authentication. MFA is only required for remote access points (logging in through the router, remotely through the Internet, or from secondary units). Local access points do not require MFA.
What does MFA require?
To successfully log in remotely, MFA requires (1) an active Internet connection for Sierra, and (2) a mobile phone with texting capabilities (SMS messages).
What can I expect each time I log in remotely?
Each time Sierra is accessed remotely, users with Administrative Access will be authenticated (User Management and/or Utilities) on every login by requiring (1) the user ID and password and (2) a 6-digit security code that will be sent to the mobile phone associated with the User ID. This code will differ every time and will expire after 5 minutes.
What about units in the field?
MFA applies to new units only. Any units in the field that will be updated to 1.76.1 do not have MFA automatically enabled, but it will enable if the Restore Factory Defaults function is performed.
Am I required to use this feature?
A Manager-level user (login 10/10) has been added as a default user for new installs of Sierra. The Manager-level user is assigned all access rights (reporting, promotions and account management and most setup/configuration) except User Management and Utilities. This will allow any service techs in the field to perform any subsequent setup and change programming without having to use MFA. Units in the field may also manually create a Manager-level user, regardless of the software version.