topic Re: Email OTP verification coming to Autodesk! in Announcements and Meet & Greet

Email OTP verification coming to Autodesk!

stephen_ch_yuen — Fri, 07 Feb 2025 22:14:14 GMT

Regional Rollout of One-Time Passcode via Email for All Autodesk Customers Begins April 2, 2025

We are committed to ensuring the security of Autodesk customer accounts. As part of this commitment, we will implement a one-time passcode (OTP) verification via email for all Autodesk customers starting April 2, 2025. Using OTP is a form of multi-factor authentication (MFA) that provides extra security for your Autodesk accounts and deters unauthorized access.

What to Expect: Starting April 2, we will begin our rollout of the enhanced email OTP workflow. This rollout will be conducted gradually, region by region. Once we enable this feature in your region and unless you otherwise have SSO or MFA enabled, you will need to use it as part of the verification process to access Autodesk products. Upon entering your username and password, you will receive an OTP via email, which you must provide to complete the verification process.

Key Details:

Rollout Period: Starting April 2, 2025, we will gradually roll out the feature across accounts on a region-by-region basis. Stay tuned for the specific rollout schedule for your region.

No Change for Existing MFA or SSO Users: If you are already using Multi-Factor Authentication (MFA) or have Single Sign-On (SSO) enabled, you will not experience any changes.

Thank you for your cooperation and commitment to maintaining the security of your Autodesk accounts.

Additional Information

Why use Multi-Factor Authentication (MFA)?  Security threats are increasing and becoming more sophisticated, making robust protection more critical than ever. As companies in the make and design industries, including Autodesk, rely more on digital infrastructure, protecting sensitive data and maintaining system integrity becomes paramount. Enforcing MFA is an effective way to enhance security.

Email OTP verification Email OTP verification is one of the many strategies used in MFA. With this method, after you enter your password, we send an OTP to your registered email address. You must enter this OTP to complete the login process. This adds an additional layer of security because even if someone knows your password, they would also need access to your email account to obtain the OTP.

What’s in it for me? Here’s why we at Autodesk are enabling email OTP, as a form of MFA, and why this will benefit you, as a customer:

Enhanced security We are enforcing MFA to bolster security. Traditional single-factor authentication, typically a username and password, is no longer sufficient to protect against modern cyber threats. MFA requires you to provide two or more verification factors to gain access to accounts or system. These factors include something you know (password), something you have (a smartphone or hardware token), and something you are (biometric verification). This multi-layered approach significantly reduces the risk of unauthorized access, even if one factor is compromised.
Protection against intellectual property theft Phishing attacks, data breaches, and other forms of credential theft are common threats that can lead to unauthorized access. In the make and design industries, the theft of intellectual property can have severe consequences. MFA provides an additional layer of security, making it much harder for attackers to gain access to accounts, even if they manage to steal passwords. By enforcing MFA, we can mitigate the risk of credential-based attacks and better protect your valuable designs and innovations.

Compliance with industry standards Many industries must implement strong security measures, such as MFA, due to regulatory requirements. By enforcing MFA, Autodesk ensures compliance with best security practices and regulatory guidelines.

Increased client trust Clients in the make and design industries are increasingly aware of security risks and are prioritizing their digital safety. By implementing MFA, Autodesk demonstrates its commitment to protecting client data, which enhances trust and loyalty.

Mitigation of account takeovers Account takeovers can have severe consequences, including financial loss, data breaches, and reputational damage. MFA provides an effective defense against these attacks by requiring multiple forms of verification. Even if an attacker obtains your password, they still need the additional authentication factors to gain access. This significantly reduces the likelihood of account takeovers and unauthorized access to confidential data.

Adaptability to emerging threats MFA is a dynamic and flexible solution that we can update and strengthen as new threats emerge. Autodesk can implement various MFA methods, such as email-based verification, mobile authenticator apps, or biometric authentication, to stay resilient against evolving attack vectors.

Frequently Asked Questions (FAQ)

Q: What is Multi-Factor Authentication (MFA)? 

A: Multi-Factor Authentication (MFA) is a security measure that requires you to provide two or more verification factors to gain access to accounts or system. These factors typically include something you know (password), something you have (a smartphone or hardware token), and something you are (biometric verification).

Q: Why is MFA important for customers in the make and design industries? 

A: MFA is crucial for protecting confidential data and intellectual property in the make and design industries. It provides an additional layer of security, reduces risk of unauthorized access and mitigates the impact of credential theft.

Q: How does MFA help in complying with industry standards? 

A: MFA helps Autodesk and customers comply with industry regulations and standards that mandate strong data protection practices.

Q: What are some common methods of implementing MFA? 

A: Common methods of implementing MFA include email-based verification, mobile authenticator apps, hardware tokens, and biometric authentication (e.g., fingerprint or facial recognition).

Q: How does MFA protect against phishing attacks? 

A: MFA adds an extra layer of security by requiring multiple forms of verification. Even if you fall victim to a phishing attack and your password is compromised, the attacker would still need the additional authentication factors to gain access, making it much harder to succeed.

Q: What are some best practices for implementing MFA? 

A: Best practices for implementing MFA include:

Using a combination of verification factors: Ensure you use something you know (password), something you have (hardware token or smartphone), and something you are (biometric verification).

Regularly updating authentication methods: Keep your authentication methods up-to-date to counteract emerging threats.

Educating users about security practices: Inform users about the importance of MFA and how to use it effectively.

Monitoring for suspicious activity: Continuously monitor account activity for any unusual or suspicious behavior.

Enforcing strong password policies: Ensure users create strong, unique passwords that are changed regularly.

Implementing single sign-on (SSO) with MFA: Simplify the user experience while maintaining security by integrating MFA with SSO solutions.

Providing backup authentication methods: Offer alternative authentication options in case the primary method is unavailable.

Regularly reviewing and auditing MFA policies: Conduct periodic reviews to ensure MFA policies are effective and up-to-date.

Encouraging the use of hardware tokens: Hardware tokens can provide a more secure form of MFA compared to software-based solutions.
Ensuring secure storage of recovery codes: Advise users to store recovery codes in a secure location, separate from their devices.

Re: Email OTP verification coming to Autodesk!

Curtis_W — Fri, 07 Feb 2025 22:13:58 GMT

@stephen_ch_yuen

Your links do not work

Re: Email OTP verification coming to Autodesk!

stephen_ch_yuen — Fri, 07 Feb 2025 22:15:20 GMT

Thanks Curtis. Updated section into content instead.

Re: Email OTP verification coming to Autodesk!

ChrisRS — Sat, 08 Feb 2025 00:52:50 GMT

Thank you for the advanced notice.

Re: Email OTP verification coming to Autodesk!

silvio3105 — Wed, 12 Feb 2025 11:56:49 GMT

2FA/OTP from phone apps(MS, Google etc..) will be available?

Re: Email OTP verification coming to Autodesk!

stephen_ch_yuen — Wed, 12 Feb 2025 17:10:56 GMT

Correct. All users who do not currently have SSO/MFA enabled, will be required to use the enhanced verification workflow on cloud, desktop, and mobile applications.

Re: Email OTP verification coming to Autodesk!

ktnalive — Fri, 14 Feb 2025 07:53:04 GMT

Thanks,

Kim.

Re: Email OTP verification coming to Autodesk!

ParishSouthBdx — Fri, 14 Feb 2025 21:54:28 GMT

I find it interesting that customers/users folks logging in are held to some rigid access procedures like the ones described here. when truth be told the unauthorized access or hacking doesnt happen from the log in page, or from our side, its from the other side. Breaches of data are almost common place now. Not specificlly Autodesk, but other vendors, AMAZON, BANKING,,,,

Re: Email OTP verification coming to Autodesk!

Michiel.Valcke — Mon, 17 Feb 2025 14:44:00 GMT

What is the order of regions where the rollout will take effect?

And will the email verification be necessary with each login?

Re: Email OTP verification coming to Autodesk!

tcorey — Mon, 17 Feb 2025 14:38:15 GMT

I know little about security so my question might be naive. Why can't you use text like so many other companies do? Or give us the choice.

Re: Email OTP verification coming to Autodesk!

Michiel.Valcke — Mon, 17 Feb 2025 15:21:14 GMT

~~You can choose that option if you set up 2 factor authentication yourself, the measure is for people who have not set up 2-factor authentication.~~

@tcorey I apologize, I just tried it myself and apparently the authenticator app is the only option atm?

Re: Email OTP verification coming to Autodesk!

stephen_ch_yuen — Tue, 18 Feb 2025 05:28:48 GMT

Valid point @ParishSouthBdx. MFA (including OTP) still can be part of a comprehensive security strategy. While we cannot prevent against all type of security breaches, we believe MFA is a crucial part of a multi-layered security approach that helps protect against a wide range of threats. It's not about burdening users with rigid access procedures but rather about safeguarding their data and maintaining the integrity of the systems they rely on.

Re: Kostenlose Lizenz läuft ab. Was soll ich machen?

stephen_ch_yuen — Tue, 18 Feb 2025 05:32:22 GMT

Please reach out via https://www.autodesk.com/support/contact-support

Re: Email OTP verification coming to Autodesk!

stephen_ch_yuen — Tue, 18 Feb 2025 05:41:57 GMT

We will confirm the regional rollout schedule in March. Stay tuned.

Existing users who already have SSO/MFA set up can continue to use these methods even after the feature is enabled. For those who do not, we offer email OTP verification or verification via an authenticator app as options. We plan to expand to other MFA options in future feature releases.

Re: Email OTP verification coming to Autodesk!

dsummersPEG — Thu, 20 Feb 2025 14:54:55 GMT

Will we be required to go through the OTP email exercise each time we start/restart an Autodesk software product on our computer? I admit my confusion over the "one-time" part of "one-time passcode"; it may have multiple interpretations. Is it one-time use, or one-time required? I don't normally keep Autocad and Revit open simultaneously, and bounce back and forth between the two frequently, and not looking forward to waiting on emails each time I want to swap. So an additional question: will this cause issues if we do run multiple Autodesk products simultaneously? By that I mean both multiple instances on the same computer of the same product (like 2 instances of Autocad), and running both Autocad and Revit on the same computer.

Re: Email OTP verification coming to Autodesk!

stephen_ch_yuen — Thu, 20 Feb 2025 17:15:43 GMT

Thank you for your comment @dsummersPEG.

When you log in to your account, you will receive a one-time password (OTP) sent to your registered email. This OTP is valid for a short period and must be used before it expires. If the OTP expires, you will need to request a new one. The OTP is required only when logging in from a device that the system does not recognize. After entering your username, password, and OTP successfully, you can choose to remember the device or stay signed in for a certain period. This means you won't need to enter the OTP again for future logins on the same device within that period.

If you log in from a different device that the system doesn't recognize, you will be prompted to enter a new OTP. Once verified, you can choose to trust this new device, and the same rules will apply.

In summary, the OTP adds an extra layer of security, especially when accessing your account from new or unrecognized devices.

Hope this is helpful.

Re: Email OTP verification coming to Autodesk!

AllenJessup — Thu, 27 Feb 2025 13:29:32 GMT

This doesn't apply to me. But, I remember issues from previous license changes. Is there any thought being put to users that have to work out of contact with internet services or those working in disaster areas where cell phone services have been disrupted?

Re: Email OTP verification coming to Autodesk!

pendean — Thu, 27 Feb 2025 14:18:06 GMT

@AllenJessup Pre-planning and seeking out Autodesk Licensing 'special needs' need to be planned for ahead of time. For everyone else, I suspect Starlink (and others soon enough) is a modern solution and is good enough to use once a month for your laptop to call home for a license check before letting you work remotely again.

SO... If you have power (aka electricity), today's excuses for no internet access have been reduced dramatically.

Re: Email OTP verification coming to Autodesk!

AllenJessup — Thu, 27 Feb 2025 15:20:02 GMT

@pendean Understood. And for the once a month check in I'm sure that would be fine. However I could see having to get an email every time you open a program may cause some people an issue. I've never used Starlink so I have no idea how it may perform worldwide.

Heck. Our MFA service went out for over half a day. After an hour or so IT had to disable it so people could log in to there computers. The week before our phones (VOIP) went down for a couple of hours. Those who only had MFA through their office phones were locked out.

Re: Email OTP verification coming to Autodesk!

pendean — Thu, 27 Feb 2025 20:58:32 GMT

@AllenJessup wrote:

... Those who only had MFA through their office phones were locked out.

Yes, and probably related to the recent push by Autodesk to offer email OTP instead: other software vendors have it, its not limited to phone numbers, and I am a total fan.