
2-Factor Authentication User Manual

2-factor authentication (2FA) provides an additional layer of security beyond just a username and password by requiring a one-time code from a smartphone app along with the username and password. To set up 2FA, users install an authentication app, scan a QR code or enter a secret key from their account settings page to link the app. Then to log in, users enter their username, password and a new 6-digit code from the app. Disabling or changing the 2FA settings also requires logging in and accessing the account settings page.

Uploaded by

Saeed Yahyazadeh
Copyright
© All Rights Reserved

2-factor Authentication - USER MANUAL

VERSION 1.1 (2016-02-02)


What is 2-factor Authentication?
2-factor authentication (2FA) is a technology and a process that requires two sets of credentials to authenticate the owner of an account. Ultimately, using 2FA improves the security of your account. The use of 2FA in the Control Panel requires first your standard username and password and second, a changing, automatically generated code from an application on your smartphone. Since the second code is displayed by your smartphone application, physical access to your smartphone is required, making it virtually impossible to access your account without the physical phone. Please note that 2-factor Authentication is also known as 2-step Authentication and "2FA". More information is available at Wikipedia.

How to Activate 2-factor Authentication in Control Panel?


Step 1: Install a One Time Password (OTP) Application on your Smartphone
The OTP application must be compatible with "TOTP" (Time-based One-Time Password, as specified in RFC 6238). The following mobile
applications are recommended:

FreeOTP (Android | iOS)
Google Authenticator (Android | iOS)

Configure the OTP application as follows:

Ensure the application is using SHA1 with 6 digits (TOTP); this is typically the default
Generated codes are only valid for 30 seconds
Add a smartphone passcode or fingerprint for additional security

Step 2: Access and Connect the OTP Application to the Control Panel
Navigate to Manage Account > My Account > Access Control > 2-factor Authentication for the QR code
A randomly generated "secret key" is created and a QR code / direct output will be made available
Connect the OTP application by scanning the created QR code / direct output on the page
Add the 2FA profile manually by providing the generated secret key if scanning the QR code doesn't work
The OTP mobile application is able to generate 6-digit OTP codes for your account based on the generated secret key from the Control Panel
Since existing profiles cannot be overwritten, please delete any previous Control Panel profiles first before generating a new profile / secret key

Step 3: Use the Phone Generated Code to Activate 2FA


Entering a valid generated 6-digit code and clicking "Enable" activates 2FA for your account. Please note the following reasons why activation may not happen:

The provided code may be invalid
Codes are only valid for 30 seconds and may have expired
The mobile OTP application profile setup failed and thus generated wrong codes
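
The code generation described in Steps 1 to 3 (RFC 6238, SHA1, 6 digits, 30-second validity) can be reproduced as follows. This is an added example, not code from the manual or from the Control Panel; the sample secret is the RFC 6238 test key, and the `drift_steps` tolerance is an assumption, since the manual does not say whether neighbouring time steps are accepted.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds a code stays valid, as the manual states
DIGITS = 6   # code length, as the manual states


def totp(secret_b32, unix_time, step=STEP, digits=DIGITS):
    """RFC 6238 TOTP (HMAC-SHA1) for a base32 secret key as shown beside a QR code."""
    s = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(s + "=" * (-len(s) % 8))   # restore stripped padding
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                           # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, now, drift_steps=0):
    """True if `submitted` is the code for `now`, or for a neighbouring time
    step when drift_steps > 0 (hypothetical server-side clock tolerance)."""
    for d in range(-drift_steps, drift_steps + 1):
        t = now + d * STEP
        if t < 0:
            continue
        expected = totp(secret_b32, t)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected.encode(), submitted.strip().encode()):
            return True
    return False


# Constructed sample: the RFC 6238 SHA1 test key "12345678901234567890" in base32.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    code = totp(SAMPLE_SECRET, 59)                    # last second of a time step
    print("code at t=59:", code)
    print("accepted at t=59:", verify(SAMPLE_SECRET, code, 59))
    print("accepted at t=60 (expired):", verify(SAMPLE_SECRET, code, 60))
    print("accepted at t=60, one step of drift allowed:",
          verify(SAMPLE_SECRET, code, 60, drift_steps=1))
```

A code read at the end of its 30-second window is rejected one second later unless the verifier tolerates a neighbouring step, which is why an expired code or a wrong phone clock produces the same activation failure as a mistyped code.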

Step 4: You are done and Optional Additional Security


Additional access control features can be turned on in the Control Panel:

IP access limitation
Role users access

Frequently Asked Questions about 2FA

How do I Log in to the Control Panel with 2FA Active?


Log in as follows:

Click on the "2-factor Authentication" button on the Control Panel login screen
Provide your username and your password
Provide the 6-digit one-time password generated automatically by your OTP phone application

How to disable 2FA or change the Secret key?


To disable 2FA or reconfigure it (losing physical access to smartphone), please log in to the Control Panel, navigate to Manage Account > My Account > Access Control and click the "Disable" button. From this screen 2FA can also be re-activated or set up again, which will generate a completely new secret key.

How to recover your account if you lost your phone?


If you misplace your smartphone or cannot generate the 6 digit one time password for any other reason, please contact support directly. Support
has a process to validate your identity and provide account access. Please note that if you lose your QR code or secret code from the Access
Control page, charges may apply for additional manual verification and checking.

Common questions

Challenges in activating 2FA include entering an invalid OTP, expired codes, or setup misconfigurations such as selecting incorrect OTP settings. These can be mitigated by closely following setup instructions, ensuring the OTP app's time is synced, and verifying the setup by generating and entering a test OTP during initial configuration to confirm successful linkage.

A user might disable 2-factor authentication to simplify login procedures or due to inconvenience, particularly if they frequently lose access to the OTP-generating device. However, doing so exposes the account to higher risks of unauthorized access, as it relies solely on password protection, which can be easier to breach through phishing or brute force attacks.

Enabling 2-factor authentication (2FA) significantly enhances security by requiring two different forms of credentials to access an account. This decreases the likelihood of unauthorized access, as attackers would need both the password and physical access to the smartphone generating the OTP. Without 2FA, an account is more vulnerable to breaches, especially if the password is weak or reused across multiple sites.

If a user loses their smartphone with the OTP application, they must contact support to validate their identity and recover account access. This process usually involves providing proof of identity to authenticate the request. There may also be additional charges for manual verification if both the QR code and secret key are lost.

Reactivating or resetting 2FA involves generating a new secret key and QR code to be configured with another OTP device, which is crucial after losing access to ensure continued security. This process helps prevent unauthorized access through lost devices, but it also underscores the importance of secure identity verification to prevent malicious actors from hijacking the account during reconfiguration. Ensuring strong identity verification at this stage is vital to maintain account security.

If an expired OTP is used during the 2FA process, the authentication will fail, and access will be denied. Users can avoid this issue by swiftly entering the OTP within its 30-second validity window and ensuring the smartphone clock is accurately synced with the time server to prevent time-related discrepancies in OTP generation.

QR codes play a critical role in simplifying security setup by providing a quick and error-free method to input the secret key into the OTP application. This user-friendly approach eliminates the need for manual entry, reducing the potential for human error while maintaining the confidentiality of the secret key. The QR code's integration enhances both user experience and security by streamlining the setup process while safeguarding sensitive information.

Role-based access control and IP restrictions provide additional safeguards by limiting account access based on user roles and pre-defined IP ranges. They complement 2FA by enforcing access policies that restrict user permissions based on their role in the organization and geographically limit where logins can originate from, thereby reducing the risk of unauthorized access even if OTPs are compromised.

The One Time Password (OTP) application must be compatible with TOTP RFC 6238 and typically uses SHA1 for generating 6-digit codes that are valid for 30 seconds. Configuration involves installing the app on a smartphone, scanning a QR code or entering a secret key, and possibly securing the app with a passcode or fingerprint. This configuration is necessary to securely link the OTP generator to the account and ensure the codes are correctly generated.

The use of both a secret key and QR code in 2-factor authentication setup ensures that the pairing between the account and the OTP generator is unique and personalized. The QR code simplifies the setup by automatically inputting the secret key into the OTP application, reducing the chance of manual entry errors. This multi-step verification ensures only authorized users with access to the QR code (and thus the secret key) can generate valid OTPs, adding a layer of security.