
Why Datto is Requiring Two-Factor Authentication (2FA)


At Datto, one of our priorities is to protect MSPs and their clients, who are increasingly being targeted by an advanced attack strategy known as the Advanced Persistent Threat (APT). Attacker tactics, techniques, and procedures (TTPs) commonly involve using stolen login credentials to compromise MSPs and their end users' systems and data. We recognize our responsibility to help safeguard businesses from the serious threats that face the community today.

Author: Datto CISO Ryan Weeks

In an effort to protect our partners, we announced our intention to move to mandatory two-factor authentication (2FA) for Datto Remote Monitoring and Management (RMM) in August of this year. The supportive partner responses left us confident that mandating 2FA for Datto RMM is the appropriate action to keep our partners and their end clients secure. We also recognized an opportunity to act on many of the enhancement suggestions received. Thus, in the near future, we will be implementing a series of changes to:

  1. Move Datto RMM authentication to Datto Platform Single Sign On (SSO) in early November 2019.
  2. Enable mandatory 2FA for ALL Datto RMM users in the following weeks.

This plan brings MSPs closer to a single login experience for all Datto products and delivers many of the requested benefits that already exist within Datto SSO.

Why did we decide on these specific changes?

We learned the following from reviewing and discussing all of the feedback we received:

  1. Users overwhelmingly agree on using 2FA to protect their RMM solution. Most of the concerns were around usability and 2FA features in Datto RMM.
  2. Our partners requested additional 2FA options such as voice and, most commonly, push notifications.
  3. Our partners much prefer a unified process for the multiple Datto/Autotask products. Having different authentication options for these products is not ideal.
  4. Our partners also requested support for bringing their federated identity and authentication security solutions, such as Microsoft ADFS, Azure AD, Duo and Okta.

It became clear to us that, to create a satisfactory solution for our partners, we couldn’t just add or fix 2FA features in Datto RMM. We needed to expedite our move to SSO across all Datto products. This would result in less disruption and also significant benefits for our partners:

  1. Datto SSO has more 2FA options than Datto RMM. This includes Push notification (using the Authy App).
  2. SSO will offer our partners centralized security. A single user change will protect them across all Datto products.
  3. SSO will offer a better cross-product experience by permitting users to seamlessly navigate between products.
  4. SSO will allow us to integrate with other authentication providers in a single place in the future, rather than having to do it for all our products separately.

To learn more about this impending change, or if you have any questions or concerns, please email [email protected].

Author Ryan Weeks is chief information security officer (CISO) at Datto.