Notes clients and two-factor authentication
Notes client authentication with a Notes ID provides built-in, automatic, two-factor authentication.
The two factors for authentication are:
- Something that you have: The user has an encrypted file on disk containing the cryptographic credentials used for authentication to Domino servers. The sensitive regions of that file are encrypted, including all of the private and secret keys.
- Something that you know: The user knows the password needed to decrypt the encrypted file. This password is never sent over the network to a server or stored on a server as part of authentication; it is used only to locally decrypt the encrypted ID file. Since V9.0, Domino administrators have been able to force end users' ID files to be encrypted using a 256-bit AES key generated, per current security best practices, with the PBES2 algorithm from PKCS#5 and iterated, salted HMAC-SHA2.
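
The key-derivation step of PBES2, as an added example (not HCL's code and not the Notes ID file format): PBKDF2 with HMAC-SHA-256 turns the password and a random salt into a 256-bit key entirely on the local machine, so only someone holding both the file and the password can unlock it. The salt length, iteration count, record layout and the HMAC key check that stands in for the AES decryption step are assumptions made for this example.

```python
import hashlib
import hmac
import os
import struct


def pbkdf2_hmac_sha256(password: bytes, salt: bytes, iterations: int, dklen: int = 32) -> bytes:
    """PBKDF2 (RFC 8018, section 5.2) with HMAC-SHA-256 as the PRF."""
    out = b""
    block_index = 1
    while len(out) < dklen:
        # U_1 = PRF(password, salt || INT(block_index))
        u = hmac.new(password, salt + struct.pack(">I", block_index), hashlib.sha256).digest()
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            # U_j = PRF(password, U_{j-1}); the block T is the XOR of every U_j
            u = hmac.new(password, u, hashlib.sha256).digest()
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(32, "big")
        block_index += 1
    return out[:dklen]


def protect(password: str, iterations: int = 10_000) -> dict:
    """Build a constructed local record: salt, iteration count and a key check value.

    Assumption: a real PBES2 container encrypts its contents with AES under the
    derived key; an HMAC check value stands in for that step here.
    """
    salt = os.urandom(16)  # per-file random salt (length is an assumed value)
    key = pbkdf2_hmac_sha256(password.encode(), salt, iterations)
    check = hmac.new(key, b"key-check", hashlib.sha256).digest()
    return {"salt": salt, "iterations": iterations, "check": check}


def unlock(record: dict, password: str):
    """Re-derive the key locally; return it only if the password was correct."""
    key = pbkdf2_hmac_sha256(password.encode(), record["salt"], record["iterations"])
    expected = hmac.new(key, b"key-check", hashlib.sha256).digest()
    return key if hmac.compare_digest(expected, record["check"]) else None
```

Neither the password nor the derived key leaves the process: the record holds only the salt, the iteration count and the check value.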