glFusion Wiki

Site Tools


glfusion:twofactor

Two Factor Authentication

Two Factor Authentication, also known as 2FA, is an extra layer of security that is known as “multi factor authentication” that requires not only a password and username but also a six-digit code supplied from your phone or an external app. If enabled, users will have the option to enroll their account into Two Factor Authentication for additional security.

Enabling Two Factor Authentication (2FA) For your Site

Whether or not you allow Two Factor Authentication for your users is controlled in Command & Control → Configuration → Users & Submissions. You can turn on or off 2FA support for your site.

User Enrollment into Two Factor Authentication

Once Two Factor Authentication has been enabled for the site configuration, users can now choose to enroll to add additional protections to their user account. Navigate to My Account → Two Factor Auth

Select the Enroll into Two Factor Authentication button. This will present the following screen:

Scan the QRCode with your authentication application, or enter the secret manually into your authentication application.

Once you have scanned or entered the code into your authentication application, enter the 6 (six) digit code from your application into the Verify input.

Once you have verified the Two Factor Authentication, it is now enabled for your account.

Now that Two Factor Authentication is enabled on your account, each time you login you must enter the six (6) digit code provided by your authentication application, or use one of the backup codes shown when you enrolled.

Backup Codes

After you have successfully enrolled into Two Factor Authentication, you will be shown 5 backup codes. These can be used if you lose your authentication application or do not have access to your authentication application. You should store these in a safe and secure location. You can also download the backup codes to a text file called backup-codes.txt.

Please ensure you save your backup codes for future use. In the event you lose your mobile device, or change mobile devices and forget to backup or disable 2FA before moving to the new device, the backup codes will allow you to login. If you lose your mobile device and do not have access to your backup codes, you will not be able to log into your site!

Regenerate Backup Codes

If you loose your backup codes, or have used them to login (backup codes can only be used once), you can regenerate a new set. When you create a new set of backup codes, the previously created codes will become invalid and cannot be used in the future.

Turning Off Two Factor Authentication

A user can disable (turn off) Two Factor Authentication from the My Account area.

A site administrator can also turn off Two Factor Authentication for any user by checking the Disable Two Factor Authentication checkbox when editing the user's information from Command & Control → Users.

When Two Factor Authentication is turned off - the site secret and any previously created backup codes for that user become invalid and cannot be used in the future.

Popular Two Factor Authentication Apps

There are many different Two Factor Authentication applications available. All should work fine with glFusion's Two Factor Authentication system.

glfusion/twofactor.txt · Last modified: 2018/01/12 14:11 (external edit)