Hello Everyone!
We are pleased to announce the launch of a new commercial module named “PBX MFA” to the FreePBX ecosystem. It is targeted towards FreePBX and PBXact version 16 and above, but it can also be used by systems running version 15.
What is MFA?
Multi-factor Authentication (MFA) is an authentication method that requires the user to provide two or more proofs of identity to gain access to a PBX system, rather than relying solely on a username and password combination. MFA provides more robust security and protection against hackers.
Why might someone need this module?
Nowadays MFA is becoming a mandatory security practice. The biggest drawback of traditional user ID and password logins is that passwords can easily be stolen. Hackers use password cracking tools to try combinations of usernames and passwords until they find the right credentials. A hacker with stolen credentials can then gain unauthorized access to your PBX system.
MFA is now among the most robust security services available, offering enhanced security and ease of use. If you’re still relying on passwords alone, it’s time to use the PBX MFA Module. It strengthens security by adding a layer of authentication, so hackers won’t be able to access your PBX system even if one credential is compromised, because they won’t be able to complete the second authentication step.
Let’s describe this process with an example: To gain PBX access, a user will need to enter their username and password as the first step, and then also generate an OTP code to enter. In this case, the user will do so via an authenticator app linked to that user account. Even if hackers manage to obtain that user’s password, they still won’t have access to their actual mobile phone with the authenticator app, so their attempts to break in will fail.
How does it work?
The administrator can enable MFA for user accounts and configure the type of authentication, such as:
- Authentication via Email – Whenever users log in to the PBX, they are prompted for a verification code, which is sent to the user’s email address. Users enter this OTP to log in.
- Authentication via Call – Whenever users log in to the PBX, a call will be made to the user’s extension. The user has to answer the call and press # to verify their identity.
- Authentication via Authenticator App – Users will receive the authenticator app configuration email when they log in to the PBX for the first time. This email will include a QR code and detailed steps to set up the Authenticator app.
  After setup, whenever the user logs in, they are prompted for an OTP code. The user has to enter the OTP code from the configured Authenticator App (for example, Google Authenticator or Microsoft Authenticator).
- Authentication via User Choice Authentication Factor – Whenever users log in to the PBX, they are prompted to select their choice of authentication factor, which can be any of these:
  - Verify identity using an OTP sent to the user’s email address (MFA/OTP via Email)
  - Verify identity using an authenticator app (MFA/OTP via Authenticator App)
  - Verify identity by receiving calls from the PBX (MFA/OTP via Call)
After selecting the authentication factor, a user will be able to verify their identity.
How can I install this module?
Using the “Check Online” functionality via “Module admin”, an administrator can download the “PBX MFA” module.
How do I purchase it?
Licenses are included in the purchase price for all PBXact systems. Instructions for purchasing and licensing the module on FreePBX can be found at the FreePBX Wiki – Purchasing Commercial Modules.
How do I configure it?
Please refer to https://wiki.freepbx.org/display/FPBXDEV/PBX+MFA+Module for more details about the module and its configuration.
Feedback?
We encourage you to send us feedback so that we can continue to improve this module. Please provide feedback by raising issues as a commercial module support ticket, or by submitting feature requests or improvements to enhance this module’s functionality.