How Infosysta has Integrated 2FA for Jira: U2F & TOTP in their Mobile Apps

As more businesses go online, the use of mobile project management apps rises, and cyberattacks become more sophisticated. Insufficient logging is one of the key vulnerabilities. That's why Infosysta, the developer of Mobile for Jira and JSMobile, decided to integrate 2FA For Jira: U2F & TOTP in their smartphone solutions. Here’s why — and how you can do the same.

Mobile devices are becoming more and more popular among Internet users as they are easier to access on the go than laptops and PCs and provide almost the same level of functionality. According to Statista, in 2020, 218 billion mobile apps were downloaded compared with 204 billion a year earlier.

Furthermore, the frequency and intensity of cyber attacks have increased over the last decade, and especially since the outbreak of the COVID-19 as the world’s dependence on the Internet and information technologies is unprecedented. Many governments have recently reported a growth in cyber threats. For example, the FBI’s Internet Crime Complaint Center (IC3) claims that it receives between 3,000 and 4,000 complaints per day, and the European Union (EU) asks for joint actions with the Member States as EU cybersecurity is “at risk from hackers.” United Nations officials have also warned that “cybercrime is on the rise.”

On the other hand, the cybersecurity infrastructure in many countries is not strong enough. According to the International Telecommunication Union, nearly 90 governments are still only at the early stages of making commitments to defending users’ data from malicious attacks.

Internet crime issues could result in huge losses for businesses, both financial and reputational. That’s why company owners and developers worldwide have to strengthen their security infrastructure by enhancing protection strategies and investing in advanced information technologies.

According to the OWASP, insufficient logging is one of the top 10 critical security risks to web applications, as it allows hackers to further attack systems, access, extract or destroy data. And it usually takes over 200 days to detect such breaches. As a result, it is becoming increasingly important to use stronger authentication. A large part of this depends on the app’s end users, but as a developer, you can provide them with various protection solutions. One of them is two-factor authentication. So, let’s study this in detail.

Usernames and passwords remain the most common form of user authentication. But these credentials themselves are not the safest method of protection. Users usually neglect security issues and create passwords that far cry from being strong enough for anyone else to guess. Moreover, keylogging software, which is deposited on a PC by a virus, can record all keystrokes, which makes even the strongest passwords insecure.

Therefore, responsible businesses and developers prefer adding an extra level of protection, such as two-factor authentication, also commonly referred to as 2FA. It is an electronic authentication method in which a user may access an application only after successfully providing two factors of identity verification. First, users have to enter their login and password, and, after that, they will be required to provide another factor, which may be one of the following categories:

• Something you know: a password, PIN, answers to “secret questions”, etc.
• Something you have: information that may be generated by something you have in possession like a credit card, a smartphone, or a hardware token.
• Something you are: biometric pattern of a fingerprint, an iris scan, or a voiceprint.

To ensure a secure user login to Jira, Alpha Serve developed 2FA for Jira: U2F and TOTP — an enterprise-grade solution for Jira two-factor authentication with U2F support. This Jira 2FA plugin pairs a stand-alone device such as NitroKey or Yubico Yubikey with a mobile phone, which generates the key code and in such a way provides additional protection at the verification stage.

Another software development company, Infosysta, used 2FA for Jira: U2F and TOTP to provide the best security to the users of its two apps. They integrated the plugin with Mobile for Jira and JSMobile. The first one is the enterprise Jira tool for Android and IOS that supports third-party app integration, and another one is a Jira service management portal that facilitates help center accessibility.

Through this integration, Infosysta ensured two layers of security to the apps’ validation system. Users now have to first enter the password they created by themselves and then One Time Password (OTP) generated through another application. This decision helped the company to eliminate a hacker’s ability to access users’ sensitive information and to reduce the cases of cyberattacks, which in turn improved customer’s loyalty and trust.

The mobile apps market continues to grow, and by the same token, the sophistication of cyberattacks rises. One breach could cost your company millions of dollars as well as the loss of trust. That’s why it is so important for businesses and developers to ensure proper information protection. Due to the COVID-19 pandemic, more companies started working remotely, and project management mobile apps are among those on the rise. One of the most common threads for such tools is insecure logging. As the passwords themselves are not foolproof, multi-factor authentication is commonly used by profound users and developers. Thus, Infosysta, the owner of Mobile for Jira and JSMobile, has integrated Alpha Serve’s Jira 2FA plugin in their solutions. This helped the company to reduce the cases of fraud, data loss, or identity theft, and, as a result, enhance the customer’s trust and loyalty.