Two Factor Authentication
Two Factor Authentication, also known as 2FA, is an extra layer of security, known as “multi factor authentication”, that requires not only a username and password but also a six-digit code supplied from your phone or an external app. If enabled, users will have the option to enroll their account into Two Factor Authentication for additional security.
Enabling Two Factor Authentication (2FA) for Your Site
Whether or not you allow Two Factor Authentication for your users is controlled in Command & Control → Configuration → Users & Submissions. You can turn on or off 2FA support for your site.
User Enrollment into Two Factor Authentication
Once Two Factor Authentication has been enabled in the site configuration, users can choose to enroll to add additional protection to their user account. Navigate to My Account → Two Factor Auth.
Select the Enroll into Two Factor Authentication button. This will present the following screen:
Scan the QR code with your authentication application, or enter the secret manually into your authentication application.
Once you have scanned or entered the code into your authentication application, enter the 6 (six) digit code from your application into the Verify input.
Once you have verified the Two Factor Authentication, it is now enabled for your account.
Now that Two Factor Authentication is enabled on your account, each time you log in you must enter the six (6) digit code provided by your authentication application, or use one of the backup codes shown when you enrolled.
After you have successfully enrolled into Two Factor Authentication, you will be shown 5 backup codes. These can be used if you lose your authentication application or do not have access to your authentication application. You should store these in a safe and secure location. You can also download the backup codes to a text file called backup-codes.txt.
Regenerate Backup Codes
If you lose your backup codes, or have used them to log in (backup codes can only be used once), you can regenerate a new set. When you create a new set of backup codes, the previously created codes will become invalid and cannot be used in the future.
Turning Off Two Factor Authentication
A user can disable (turn off) Two Factor Authentication from the My Account area.
A site administrator can also turn off Two Factor Authentication for any user by checking the Disable Two Factor Authentication checkbox when editing the user's information from Command & Control → Users.
When Two Factor Authentication is turned off, the site secret and any previously created backup codes for that user become invalid and cannot be used in the future.
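The backup-code lifecycle described above (single use, regeneration invalidating the old set, and turning 2FA off invalidating the secret and all codes), sketched as an added example. This is not the product's own code; the class and method names, the code format and the SHA-256 storage are assumptions.

```python
import hashlib
import hmac
import secrets

BACKUP_CODE_COUNT = 5  # the page states five backup codes are shown at enrollment


def _digest(code: str) -> bytes:
    # Assumption: only a hash is stored, so a leaked table holds no usable codes.
    return hashlib.sha256(code.encode("utf-8")).digest()


class TwoFactorAccount:
    """Hypothetical per-user 2FA record, constructed for this example."""

    def __init__(self):
        self.secret = None        # authenticator secret; None while 2FA is off
        self.code_hashes = set()  # hashes of backup codes not yet used

    def enroll(self):
        self.secret = secrets.token_bytes(20)
        return self.regenerate_backup_codes()

    def regenerate_backup_codes(self):
        if self.secret is None:
            raise RuntimeError("2FA is not enabled for this account")
        codes = [secrets.token_hex(5) for _ in range(BACKUP_CODE_COUNT)]
        # Replacing the whole set is what makes the previous codes invalid.
        self.code_hashes = {_digest(c) for c in codes}
        return codes  # shown to the user once; only the hashes are kept

    def redeem_backup_code(self, code: str) -> bool:
        candidate = _digest(code.strip().lower())
        match = next((h for h in self.code_hashes
                      if hmac.compare_digest(h, candidate)), None)
        if match is None:
            return False
        self.code_hashes.discard(match)  # a backup code works exactly once
        return True

    def disable(self):
        # Turning 2FA off drops the secret and every outstanding backup code.
        self.secret = None
        self.code_hashes = set()
```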