For the best-in-class security, Ceva applications security is based on 2-step authentication.
Something you HAVE and something you KNOW, secretely.
Indeed, it is hard for someone who want to access an application in your name to crack these two steps.
In the software industry, this has been implemented by different means. In Ceva, we chose to do these two steps with a USER CERTIFICATE (something you have) and a LOGIN/PASSWORD (something you know)
We currently support 2 types of 2-step authentication:
Most of our legacy applications require that you trust your browser by installing the Ceva certificate into the certificate store of the browser. Once the application recognizes that you have this certificate, you are granted access to the login page.
Ceva employees can install this certificate in professional devices as well as in personal devices. It is then their responsibility to renew the certificate if the device is stolen, lost or compromised.
We also encourage Ceva employees to use 2-step verification on their personal accounts and services, such as Facebook, Dropbox, Live, Lastpass, Linkedin.
In order to generate a TOTP token, users need a smartphone. As the protocol is open, several vendors propose applications, including Google Authenticator, Windows Authenticator, and even Ceva. We propose a web based authenticator application wich stores your secrets on the browser storage. Nothing is stored on servers.
Security Key is an alternative second authentication factor.
It is convenient for users not having a smartphone.
Thanks to the FIDO alliance, this key is defined to be able to embed many certificates to be used as a second factor for several web accounts. One can for instance use it for several Google accounts (such as personal and professional), and in the future for other web sites when they become compliant.
We recommend that users with smartphone and mobile computers make use of Google 2-step verification, which is similar to Ceva 2-step authentication but requires a smartphone to display a code that changes every 30 seconds in order to trust your browsers for 30 days.