Two-Factor Authentication

Overview

Two-factor authentication (2FA) adds an extra layer of security to your account by requiring both your password and a time-based code from your authenticator app to log in. Even if someone obtains your password, they won't be able to access your account without the code from your device.

Setting Up Two-Factor Authentication

Prerequisites

You'll need an authenticator app installed on your smartphone or tablet. Popular options include:

• Google Authenticator (iOS, Android)
• Microsoft Authenticator (iOS, Android)
• Authy (iOS, Android, Desktop)
• 1Password (with TOTP support)
• Bitwarden (with TOTP support)

Setup Process

1. Navigate to Account Settings

   • Go to Account Settings from your user menu
   • Locate the Two-Factor Authentication section

2. Start Setup

   • Click Enable Two-Factor Authentication
   • You'll be taken to the setup page

3. Scan QR Code

   • Open your authenticator app
   • Select "Add Account" or "Scan QR Code"
   • Point your camera at the QR code displayed on screen

   Can't scan? Click "Can't scan?" to reveal your secret key. Enter this manually into your authenticator app.

4. Verify Setup

   • Your authenticator app will now display a 6-digit code that changes every 30 seconds
   • Enter the current 6-digit code into the verification field
   • Click Verify and Continue

5. Save Backup Codes

   • You'll receive 10 backup codes
   • Important: Save these codes in a secure location (password manager, safe, etc.)
   • Each backup code can only be used once
   • These codes allow you to access your account if you lose your device

   Options for saving:

   • Click Copy All Codes to copy them to your clipboard
   • Click Download to save them as a text file

6. Complete Setup

   • Check the box confirming you've saved your backup codes
   • Click Complete Setup
   • You'll receive a confirmation email

Logging In with Two-Factor Authentication

Once 2FA is enabled, the login process changes:

1. Enter your email and password as usual
2. You'll be prompted for your authentication code
3. Open your authenticator app and enter the current 6-digit code
4. Click Verify

Tip: The code refreshes every 30 seconds. If a code is about to expire (shown by a countdown timer in most apps), wait for the next code to avoid timing issues.

Using Backup Codes

If you don't have access to your authenticator app (lost phone, new device, etc.):

1. On the two-factor verification page, click Backup Code
2. Enter one of your saved backup codes
3. Click Verify

Important Notes:

• Each backup code can only be used once
• Backup codes are case-sensitive
• You'll receive a warning email when a backup code is used
• If you have 2 or fewer codes remaining, you'll see a warning to regenerate codes

Managing Two-Factor Authentication

Regenerating Backup Codes

If you've used several backup codes or lost your list:

1. Go to Account Settings
2. In the Two-Factor Authentication section, click Regenerate codes
3. Confirm the action (this invalidates all old backup codes)
4. Save your new 10 backup codes securely

Disabling Two-Factor Authentication

Warning: Disabling 2FA makes your account less secure.

1. Go to Account Settings
2. In the Two-Factor Authentication section, click Disable Two-Factor Authentication
3. Confirm the action
4. You'll receive a confirmation email

Note: If your organization requires 2FA, you won't be able to disable it. Contact your administrator if you need assistance.

Organization-Required Two-Factor Authentication

Your organization administrator may require all users to enable two-factor authentication. If 2FA is required:

• You'll be redirected to the 2FA setup page when you log in
• You must complete setup before accessing the application
• You cannot disable 2FA yourself
• Contact your administrator if you have issues with 2FA

Troubleshooting

Code Not Working

If your authenticator code is rejected:

1. Check the time: Ensure your device's time is set to automatic/network time. TOTP codes are time-based and require accurate time
2. Wait for next code: If the code is about to expire, wait for a fresh code
3. Try a backup code: Use one of your backup codes to log in
4. Contact support: If issues persist, contact your administrator

Lost Phone or Authenticator App

If you lose access to your authenticator app:

1. Use a backup code to log in
2. Once logged in, go to Account Settings
3. Disable 2FA (you may need administrator help if required by your organization)
4. Re-enable 2FA with your new device

If you don't have backup codes and can't access your authenticator:

• Contact your organization administrator for assistance
• They may need to disable 2FA on your account

Setting Up New Device

When getting a new phone:

1. Before removing the old device:

   • Log in to your account
   • Disable 2FA in Account Settings
   • Set up 2FA again on your new device

2. If you already lost access to the old device:

   • Use a backup code to log in
   • Disable and re-enable 2FA with your new device

Pro Tip: Some authenticator apps (like Authy, Microsoft Authenticator, and 1Password) support cloud backup and sync, making device migration easier.

Security Best Practices

1. Save backup codes securely: Store them in a password manager or physical safe - not in a note on your phone
2. Keep your device secure: Use a passcode/biometric lock on your phone
3. Use cloud backup: Consider authenticator apps with cloud backup for easier device migration
4. Don't share codes: Never share your authenticator codes or backup codes with anyone
5. Regenerate after use: If you use multiple backup codes, regenerate them when you're back to normal access

Audit Trail

All two-factor authentication events are logged in the audit trail:

• 2FA enabled on account
• 2FA disabled on account
• Successful 2FA verification
• Failed 2FA verification attempts
• Backup codes regenerated
• Backup code used for login

Administrators can view these events in the organization's audit logs for security monitoring and compliance.