1.OtpOne product description #

OtpOne is a security tool that lets you protect files, applications and the Windows session against hackers and malicious software, such as cryptoviruses and keyloggers.

Each user activates a secondary authentication by using a cellphone application. This second authentication is a unique code that changes every 30 seconds and is valid one time only.

Make your life easier with a multi-factor security solution (or notification) for your applications, files and sessions, without any complications or computer programming.

1.1.Benefits #

OtpOne protects:

  • The applications, without any development necessary
  • The files
  • The opening of the Windows session
  • The KeePass passwords by using a one-time password

How does OtpOne protect you against hackers and malicious software?

  • If a hacker manages to create a new user on a device (from the command line or by booting from external media), he will not be able to open a session if the computer is protected by a security policy.
  • If a hacker, a script, an application or a cryptovirus tries to access a protected file, it will not be possible without the user’s permission, and possibly the confirmation with a one-time password.
  • If a hacker tries to start a protected application, he will not be able to do so without the user’s permission, and possibly the confirmation with a one-time password.

1.2.OtpOne VS Windows security controls #

OtpOne adds security capabilities to the existing functions in Windows and therefore improves the safety level without any constraint. Windows has, among others, session opening functions (secure desktop), rights management for files, and encryption functions (EFS, and BitLocker for the whole hard drive). There are also role management functions such as UAC (User Account Control), which protect the administrator’s role by requesting a confirmation when an application wants to run with elevated privileges. OtpOne does not replace these functions, but complements them by covering the areas they do not take care of.

1.2.1.Windows authentication #

Windows usually protects the authentication with a password.

What happens if your password is compromised?

What happens if a hacker manages to add a user account to your computer?

By default: The hacker will then be able to open a session on Windows and access the data as he wishes.

OtpOne can add a one-time password to the login window in order to prevent the hacker from opening a session.

1.2.2.Files access #

Windows protects access to files through the NTFS file system, which defines which user or group has access to a file. Put simply, if you have access to a file, any application running in your session has access to that file as well.

What happens when the user’s session is compromised?

What happens if you have opened or installed a pirated program that steals or encrypts your files?

By default: Since you have access to the files, so does the pirated application or virus. The files will then be stolen and/or encrypted.

When a file protected with OtpOne is accessed, you receive a notification asking you if you want to open it. Depending on the strategy, a one-time password is requested. The action is then authorised only for the requesting process and the validated file.

1.2.3.UAC and applications #

Windows can prevent a script or an application from running with user rights without the user’s consent. It is also possible to set up group strategies that authorise or block applications. Group strategies can be applied per computer or per user.

What happens when a hacker wants to open an accounting application that is only password protected?

What happens if a user needs PowerShell while a hacker is using it in order to start a hidden script?

By default: The accounting application will open, and the hacker will be able to start a keylogger in a user session without administrator rights. He will then have access to accounting. The PowerShell script will be executed if the user has the right to use PowerShell. If he does not, neither the user nor the hacker will be able to use PowerShell. In this case, blocking PowerShell completely is a bad idea, as it leaves the door open for the hacker.

OtpOne allows the addition of a one-time password when opening a sensitive application. An application can be blocked against hackers and accessible to users with a simple (Yes-No) confirmation.

2.Download #

You need to be registered on the website in order to download OtpOne. You can download the free version, or the Pro version once you have been authenticated. For the Pro version, the software will be activated online once you have paid for the license.

2.1.Registration | logging in #

How to log in: click on Log in at the top left side of the main menu. 

How to register:  at the top left side of the main menu, click on Log in, and then on Registration, right under the login section. You can also click on the Download menu in order to be redirected to a page with links for logging in and registering.

You can then fill in the registration form. You will be able to edit your information in the section My account.


2.2.Buying a license #

OtpOne offers a free limited version and an unlimited Pro version. You will need to purchase a license before installing the Pro version. The license will then be activated through the application and tested on a regular basis.

How to buy a simple or a multi-user license: 

  • Click on the menu Download and choose PRO version.
  • Proceed to payment with a credit card.
  • You will get a confirmation email along with the invoice.
  • Your license(s) will be available in the section My account.
The license is granted for one computer. It is not allowed to use a license number for several devices.

3.For partners #

OtpOne has been developed in order to protect Windows, but also to promote service companies and IT departments.

3.1.Partner registration #

To become a partner, you have to register on the website, and then click on Become a partner in the menu Partner.

Registration for partners is free and open to all service companies and/or IT departments. It is necessary to provide valid and current information (name, address, type of business, etc.) as the latter will be verified. It is also necessary to have a credit card for a quick check of the person registering. The credit card will not be debited; only its information will be safely stored with the help of our partner Stripe.

Partners are in charge of installing OtpOne and ensuring first level support for the users and clients. They will therefore have to get familiar with the products (Pro and Enterprise).

As soon as registration is completed, you can download the OtpOne free version or the Pro version, including your customised information.

Once created, your account is in a temporary status. We will need more information depending on the country of your company before finalising the registration as a partner. We will get back to you if necessary.

3.2.Partner benefits #

There are many benefits for partners:

  • The name of your company will be highlighted:
      – A setup with the name of your company
      – Every time you authenticate and request validation
  • Your contact details will be highlighted (email, phone number and website)
  • You will have access to a test with the name of your company: Test online
  • You will be able to offer installation and configuration support to your clients
  • You will have access to the Enterprise version (only for partners)
  • You may offer the free version with your name on your website
  • You may resell the Pro version on your website (upcoming)
  • You will receive a compensation with the Enterprise version licenses.

3.3.Account validation #

The account validation is done as the application’s examination progresses. The partner company will be contacted and monitored by an OtpOne consultant.

To become a qualified partner:

  • The company information must be right and up-to-date
  • The additional information requested must be provided on time
  • Bank information must be complete (a bank account for redistribution)
  • The partner must follow an online training about the basics of installation, configuration and the OtpOne Pro and Business support
  • The partner must undertake a free online certification.

To become a qualified Gold partner in order to receive requests from clients in priority and access premium support, you need to:

  • Have at least confirmed experience in installing and supporting OtpOne
  • Have at least two client references for the OtpOne Enterprise installation
  • Follow the advanced training on management and development for OtpOne PRO | Enterprise
  • Pass the specific certification.

3.4.Company settings #

When registering as a partner, you will have to fill in a form online. This form includes the setup and validation windows colour, as well as information that will be displayed to clients when installing and for each validation. You will then have to register a credit card.

You will not be able to change the company’s name and address once this information is sent. The email application settings, phone number and color can be edited in the menu My account.

The system creates a customisable version of the application when you modify an application setting (colour, e-mail, phone number) and during the first registration. This usually takes a few minutes.


3.5.Downloading for partners #

The system creates a customisable version of the application when you modify an application setting (colour, e-mail, phone number) and during the first registration. This usually takes a few minutes.

As soon as your registration as a partner is completed – or when changing the application settings – you may download the free version and the Pro version, including the customisation. You will then be able to offer the free version for download on your website, and keep the Pro version for installation as soon as you own the relevant license(s).

A license per computer is needed for the Pro version and the Enterprise version.

4.Installation #

Installing OtpOne is quick and easy: all you need is administrator rights and a restart. The free and Pro versions will not work with a silent installation.

Here are the steps for installing and configuring:

  • Install an application that is compatible with OtpOne on your cellphone
  • Install OtpOne on your computer
  • Restart the computer
  • After reopening the session, OtpOne will start
  • Scan the QR Code with your cellphone application (contains your secret key)
  • Confirm the one-time password, then close the window
  • Add security strategies.

4.1.Mobile applications for OtpOne #

Mobile applications that handle TOTP are usually compatible with OtpOne. There is a multitude of compatible applications for most iOS, Android, Windows Phone, BlackBerry and Linux devices, and many other systems and cellphones.

The most frequently downloaded applications to use with OtpOne are the following:

  • Google Authenticator
  • Microsoft Authenticator
  • FreeOTP Authenticator
  • Authy 2-Factor Authentication

4.2.Installing OtpOne #

Installing OtpOne requires administrator rights on your computer. It is also necessary to have installed an application on your cellphone that handles a TOTP one-time password (Time-based One-Time Password).

  • Run the setup with elevated privileges
  • A UAC (User Account Control) dialogue box will open; you must then make sure that the software truly is NextDay.Vision

  • Choose language – English

  • Click on Next

  • Confirm the EULA (End-User License Agreement)

  • Enter the requested information (a serial number is required for the Pro version)

  • Click on Install
  • Click on Close, and restart your computer

  • Once the computer has restarted, open a session
  • The OtpOne Setup Wizard will start automatically
  • Choose your language and click on Next

  • Scan the QR code with your cellphone application

  • Confirm a one-time password, then close the window
  • The basic installation and configuration are completed.

4.3.Uninstalling #

To uninstall OtpOne, you will need to have administrator rights and be able to provide a valid one-time password. If you cannot do so, you must first configure your one-time password or restore it.

  • Go to the Control Panel and click on Uninstall OtpOne
  • Confirm that you want to uninstall OtpOne
  • Confirm the uninstalling with a one-time password.
If you try to uninstall without a valid one-time password, the uninstalling will be cancelled automatically.
The security strategies and secret keys are not deleted during the uninstallation.

5.Configuration #

The configuration of OtpOne is simple and powerful. In the following sections, you will learn how to configure security strategies that will significantly increase the safety level of your computer.

5.2.Adding / deleting strategies #

A security strategy allows you to:

  • Protect files
  • Protect applications
  • Protect authentication

The name of the strategy is mandatory; it has to be unique and must contain at least 3 characters.

The arguments are linked to the type of protection; it is not always possible to change the value.

The security provider determines the action taken when the strategy applies.

The modules are external components, uploaded and compatible with OtpOne.


5.3.Security providers | Types of consent #

During the creation of a security strategy, choosing the provider allows you to define the action the system executes when applying the rule.

The most restrictive provider will be selected by default. Providers are ranked from most to least secure.

When a user opens a protected file or application, the system displays a message at the bottom right of the screen.

The message contains a title with the expected action, and information about what is waiting for confirmation. The top border of the message will be red or green, stating the action completed by the system if the user does not react to the request.

Red: access is denied if nothing is done (OTP and SDN)

Green: access is confirmed if nothing is done (SDI)

When the user clicks on the message, the popup that is displayed and the default action depend on the selected provider.

When a component secured by the Protected by OtpOne provider is opened:

  • The default action is denied (red border)
  • The action message displays for 5 seconds
  • If the user clicks on the message, he will be able to provide a valid one-time password within 30 seconds (minus the time of the first message)
  • The action is denied if the user does nothing
  • The name of the strategy is defined by OTP in the list of applied strategies.

This provider is the most secure. It will ask the user for a second authentication factor to confirm the request.

When a component protected by the Warning – denied by default provider is opened:

  • The default action is denied (red border)
  • The action message displays for 5 seconds
  • If the user clicks on the message, he may click Yes or No within 30 seconds (minus the time of the first message)
  • The action is denied if the user does nothing
  • The name of the strategy is defined by SDN in the list of applied strategies.

When a component protected by the Warning – confirmed by default provider is opened:

  • The default action is confirmed (green border)
  • The action message displays for 5 seconds
  • If the user clicks on the message, he may click Yes or No within 30 seconds (minus the time of the first message)
  • The action is confirmed if the user does nothing
  • The name of the strategy is defined by SDI in the list of applied strategies.



The Permission exception to protected files provider allows you to authorise an application to access all files protected with OtpOne. You can use this type of rule to authorise a backup software and/or an antivirus to function normally. The user will not be prompted during that type of access.

Enter a strategy name, then select Permission exception to protected files in the security providers. Write down the name of the executable in the arguments section – without putting .exe – and save the strategy. The strategy is defined by EXP in the list of applied strategies.


5.4.Protecting a file #

To protect one or several files:

  1. Enter a strategy name
  2. Select a security provider (OTP by default)
  3. Click on Protect File
  4. Choose to protect a file by its path or extension*
  5. Enter the information you want to protect in the Arguments section
  6. Save

*You can choose to protect a file with its full path or use the file extension to protect several files.

Select Protect an extension in the secondary menu to protect several files dynamically (by renaming them as needed).

Protecting a file: the complete path of the file must be stated in the Arguments section.

For example: c:\temp\myfichile.pdf; this file is protected, but not from network access.

Protecting an extension: It is common to set a prefix before the extension that needs protection, so that you choose the files to protect by renaming them.

For example, to protect Adobe PDF files, using sec.pdf will protect all the PDF files ending with sec.pdf, including from network access.

  • c:\temp\myfile-sec.pdf is automatically protected
  • c:\users\username\documents\test_sec.pdf is automatically protected
  • c:\temp\other.pdf is not protected. To protect that file, simply rename it to other-sec.pdf
Some extensions are blocked for security reasons and for the system’s stability. It is strongly advised not to secure by only using the complete extension, but by using a prefix before the extension.

Use sec.txt and not .txt, even if it does work.

For example, if you decide to protect all the files with a .Log extension, you are at risk of creating an instability or an error in the system or in the requesting application if the latter needs to access this type of file while there is no exception.
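Because only files whose names end with the configured suffix are covered, it helps to list the files a rule misses. The following PowerShell function is an added example, not part of OtpOne; the function name, the separator parameter and the case-insensitive comparison are assumptions made for illustration.

```powershell
# Added example, not vendor code. Assumption: the suffix comparison ignores
# case, as Windows file names do.
function Get-UnprotectedFile {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        # Argument of the "Protect an extension" strategy, e.g. 'sec.pdf'.
        [Parameter(Mandatory)][string]$ProtectedSuffix,
        # Hypothetical separator used when proposing a new name.
        [string]$Separator = '-'
    )

    $extension = [System.IO.Path]::GetExtension($ProtectedSuffix)   # '.pdf'
    if (-not $extension -or $extension -eq $ProtectedSuffix) {
        # 'pdf' or '.pdf': no prefix before the extension, which this page advises against.
        throw "'$ProtectedSuffix' has no prefix before the extension; use a form such as 'sec.pdf'."
    }

    Get-ChildItem -LiteralPath $Path -File -Recurse -Filter "*$extension" |
        Where-Object {
            # -Filter can also match longer extensions (.pdfx), so compare exactly.
            $_.Extension -eq $extension -and
            -not $_.Name.EndsWith($ProtectedSuffix, [System.StringComparison]::OrdinalIgnoreCase)
        } |
        ForEach-Object {
            [pscustomobject]@{
                File          = $_.FullName
                SuggestedName = $_.BaseName + $Separator + $ProtectedSuffix
            }
        }
}

# With the rule from this page, c:\temp\other.pdf is reported with the
# suggested name other-sec.pdf; files ending in sec.pdf are not listed.
Get-UnprotectedFile -Path 'C:\temp' -ProtectedSuffix 'sec.pdf' | Format-Table -AutoSize
```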

For security reasons, it is not possible to rename a file once it is protected. The explorer will not allow copying, cutting or deleting; you will need to use another program or the command line, which will be confirmed by a message (with some exceptions). By default, the antivirus and your backup software will not have access to the protected files. No user account can access a protected file without authorisation, even the system account – the most powerful account on your computer.

Authorisation is made through a security provider that reliably confirms the user’s identity (see previous section). This is done on an application access basis and not by user or group. Access by groups or users is defined with NTFS and not OtpOne. File encryption is defined with EFS and not OtpOne.

5.5.Protecting an application #

To protect an application:

  • Enter a strategy name
  • Select a security provider (OTP by default)
  • Click on Protect App
  • Enter the application name without putting .exe in the Arguments section
  • Save.

A protection strategy allows you to have a second authentication factor and/or to send a confirmation message on any local application, without any development.

For example, if you want to be informed when PowerShell is running on your device, create a strategy using a security provider of the Warning type; in the Arguments section, write down PowerShell (without extension). You will then get a message asking you to confirm the execution every time you or any script starts PowerShell.

It is important to understand that if you want to protect your accounting (that uses a flat file database), it makes more sense to create a files protection strategy. This will protect the accounting against an unauthorised access with or without OTP, but also against theft, deletion and crypto-viruses.

If you decide to create an application rule in this case, the database file will still be accessible and at risk of modification, theft or deletion. The database will still be modifiable with an application, a command line, a crypto-virus, a network access, etc.

5.6.Protecting the logging session #

To protect the Windows session:

  • Enter a strategy name
  • Click on Protect Windows
  • Choose the use frequency for your second factor (OTP)*
  • Save.

*The OTP use frequency request is not available in the free version.

To test this strategy, you will have to wait for the defined time frequency or restart the computer.

OtpOne does not disable the other authentication providers, but you will not be able to open a session if you try to run them.

*In some cases, the system does not request the OTP and suggests a usual authentication, even if the latent period is over. Do not worry, you cannot authenticate without an OTP. The system will disconnect the attempt and display the necessary manager. The manager might also be displayed during the period of time when you do not need the OTP; using an OTP is then not mandatory.

5.7.Creating a permission exception to protected files #

You will find more information about the permission exception to files at the end of the section Security provider.


6.OtpOne versions Free | Pro | Enterprise #

There are three versions of OtpOne:

OtpOne Free is the free version of OtpOne, limited to 2 security strategies. It does not enable choosing the one-time password request frequency for protecting Windows.

OtpOne Pro is the paid version, perfect for improving the security of individuals and small businesses.

The Free and Pro versions do not need a server in order to work; they are both autonomous. They can also be offered for sale by partners.

The Enterprise version is only available through an OtpOne partner. This version requires an Active Directory infrastructure. It is also necessary to install and configure a server version that enables the management of clients and server-based modules, for instance the add-on in charge of protecting files on a file server.

7.Recovery key #

You need to make sure you keep a way to access your computer and your protected files. To this end, you can scan the QR code on several cellphones and export the recovery key.

7.1.Displaying the QR Code #

If you want to display the QR code of your secret key again:

  • Open the OtpOne settings
  • Log in
  • Click on QR Code in the left section of settings
  • You will have to log in again for security reasons
  • The QR Code and the key appear
  • Close the window as soon as you have scanned the code on the new device.
Do not use the same one-time password as the first time you logged in, it will not work.

7.2.Saving the recovery key #

In order to recreate a secret key or to be able to open a session when your phone is lost or stolen, you will have to provide the recovery key.

This key can be exported in the OtpOne settings:

  • Open the OtpOne settings
  • Log in
  • Click on Recovery key in the left section
  • A message appears: The key is now in the clipboard
  • Paste the key (Control+V) in a text file or an email that you can print and keep in a safe place.

7.3.Using the recovery key #

If you are not able to access a valid one-time password anymore, or if your phone is lost or stolen, you can recreate a key using the recovery key.

To do so, right click on the OtpOne icon and then on the Recovery menu.

Enter the recovery key instead of a one-time password. You will then have to restart your computer. After restarting, you will have to scan a new key.


8.Developing | API #

The installation of OtpOne includes an API allowing you to easily add more security to applications and scripts. It is possible to secure a file and/or an application with OtpOne without writing any code. However, this does not enable requesting a one-time password or a confirmation related to a role or a particular action in your application. For this, we offer you a simple and powerful API.

You will not need to manage the creation and security of the secret key, nor the direct management of the verification, as it is already included and functioning. Therefore, all you will have to deal with is the implementation of an identity verification in your application or your script with a few lines of code.

8.1.Developing with PowerShell #

PowerShell is a powerful and modern scripting language that allows you to manage and control nearly all the resources of a computer.

PowerShell: test of a one-time password

If you want to verify the identity of a user with a second factor (OTP) in a PowerShell script:

  • Start PowerShell
  • Import the library
  • Test the OTP

Settings:

Username = name of the user, including a device or a domain

OTP = the OTP key for testing

Import-module c:\windows\system32\ndv-generic.dll
test-otp -Username machine\username -OTP 123456

The possible responses are:

  • Success
  • Failed
  • Error
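A script that gates a sensitive step on this check should handle all three responses and fail closed. The wrapper below is an added example, not code from OtpOne: the function name, the retry limit and the 6-digit input check are assumptions, and it assumes the value returned by test-otp converts to one of the strings listed above.

```powershell
# Added example, not vendor code. Assumption: the value returned by Test-Otp
# converts to one of the strings listed above (Success, Failed, Error).
function Confirm-OtpGate {
    [CmdletBinding()]
    param(
        # Account to verify, in machine\username or domain\username form.
        [string]$Username = "$env:USERDOMAIN\$env:USERNAME",
        # Hypothetical retry limit; bounds guessing within one script run.
        [ValidateRange(1, 5)]
        [int]$MaxAttempts = 3
    )

    for ($attempt = 1; $attempt -le $MaxAttempts; $attempt++) {
        $otp = (Read-Host -Prompt "One-time password ($attempt of $MaxAttempts)").Trim()

        # Assumption: codes are 6 digits, as in the sample call on this page.
        # Malformed input is rejected locally and still uses up an attempt.
        if ($otp -notmatch '^[0-9]{6}$') {
            Write-Warning 'Expected a 6-digit code.'
            continue
        }

        try {
            $result = [string](Test-Otp -Username $Username -OTP $otp -ErrorAction Stop)
        }
        catch {
            # Fail closed: a module or service problem must not grant access.
            $result = 'Error'
        }

        if ($result -eq 'Success') { return $true }
        if ($result -ne 'Failed') {
            # 'Error' or anything unexpected: stop instead of retrying blindly.
            Write-Warning "OTP check returned '$result'; access denied."
            return $false
        }
        Write-Warning 'Code rejected.'
    }
    return $false
}

Import-Module c:\windows\system32\ndv-generic.dll

if (-not (Confirm-OtpGate)) {
    throw 'Second factor not confirmed; sensitive step skipped.'
}
# Placeholder for the protected action (constructed for this example).
Write-Output "Second factor confirmed for $env:USERDOMAIN\$env:USERNAME."
```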

8.2.Developing with .NET #

C#, VB.NET and many others are supported by OtpOne. You can quickly and easily add security to your application.

  • Reference c:\windows\system32\Ndv-generic.dll
  • Use the OTP test functions and many others.

OTP verification in C#

The OTP test functions:

The function ValidateOTP tests an OTP without displaying a message to the user. In this case, you will have to handle the displaying and the OTP input, as well as the response.  

private bool CheckOTP(String user, String otp)
{
  //Verifies an OTP without GUI

  NDV.Generic.SDK.OTPResponse resp = NDV.Generic.SDK.ValidateOTP(user, otp, null);
  return (resp == NDV.Generic.SDK.OTPResponse.Success);
}

The function ValideOTPGUI asks the user for the OTP by displaying the usual OtpOne message, your application only has to process the response.

private bool CheckOTPGui(String app, String MSG)
{
  //Verifies an OTP with GUI

  NDV.Generic.SDK.OTPResponse resp = NDV.Generic.SDK.ValideOTPGUI(app, MSG);
  return  (resp == NDV.Generic.SDK.OTPResponse.Success);
}

9.Add-on modules #

The API provided by OtpOne with its products allows the integration of an OTP request in any application demanding more security. OtpOne already includes its identity technologies and others in professional applications and modules – these are not public for safety reasons.

9.1.Keepass module #

Creating an application or a module demonstrates the API functions and the OtpOne capacities to improve security. This is why we offer a free module for KeePass: it is also available on the download page.

This module protects the access to a master key with an OTP (and the master key protects the database). Thanks to this module, KeePass is no longer at risk from a keylogger – its worst enemy.

The installation is very quick: if you have already installed KeePass 2.X, you can simply copy NDVOTPPlugin.dll into the same folder as keepass.exe. You can also download KeePass 2.X or use the previous version in the Zip file. KeePass 2.X requires installing .NET 2.0 and 3.5 on your computer.

How to use the new provider:

  • When creating a database or modifying the existing key (menu: File -> Change Master Key)
  • Select Key file / provider and OtpOne – Keepass Module

  • Enter a master key for protecting the database as well as a valid OTP and click on OK 

The database is successfully created or modified by using an OTP.

The master key provided during this process will not be requested again and will be protected with the OTP. Therefore, it is important to write it down and save it in a safe place in case you need to share or restore it. This master key is not usable without OtpOne.

To open a KeePass database protected by OtpOne:

  • Click on the database file or on KeePass
  • Select the OtpOne provider if it is not there already and click on OK

  • Enter your OTP, then click on OK

The KeePass database opens.

If you want to share this protected database, install the module on all the devices that need to access it. When starting the database for the first time, the user will have to enter the master key that was saved, and then confirm an OTP.