This guide is aimed to help users understand two-factor authentication and how to implement this for added security to their account.
What is Two-Factor Authentication (2FA)?
Two-Factor Authentication (2FA) is a common security measure put in place by companies looking to keep their users data secure from attackers.
This measure, when implemented, allows for an additional measure of login prior to viewing or making any changes within an account (even if they know the users password). With this added security bonus does come the need for the actual user to maintain their 2FA device that they setup 2FA with, or at the very least keep the Backup Code written down somewhere save in case it's ever needed.
How does it work?
When setting up 2FA you will be provided with a bar code (or alternatively a key) that you will use to scan and add your 2FA account. Every time you attempt to login to your account you will first be required to enter your password, as normal. Once you enter the correct password you will then be asked to enter a six-digit code that is provided within your 2FA authenticator app.
This code is generated randomly and only last but a few seconds.. meaning that the user needs to be quick about entering their 2FA code on the login screen.
Without 2FA an attacker could potentially brute force their way into your account by trying randomly generated passwords. With 2FA enabled it removes the worry of a brute force intrusion for your account.
How do I enable it on my account?
Two-Factor authentication can be enabled for any primary account (currently not available with sub-accounts). To enable this security feature follow the steps below:
Once logged in click the Hello drop-down from the navigation menu, then select Security Settings.
In the section labeled Two-Factor Authentication click the button 'Click here to enable'.
You should receive a setup process message stating you will be required to login with a 2FA code each time you attempt to login. Click Get Started to continue.
Next you will receive a barcode and a secret key. You can use either of these to add this account to your 2FA app. If you do not have a 2FA authentication app already, then we recommend using the Google Authentication app available in IOS and Android app stores.
Using your authentication app either scan the barcode or enter the secret key manually until it gives confirmation that it was added successfully.
Click the Confirm button in your client area once you finish the above step.
Your authentication app should now show a six-digit code. Enter this code in the Verification Step field that should be visible in your client area at this time.
Click the Confirm button once you enter the code successfully.
You should now see a confirmation that 2FA has been setup successfully. You should also receive a Backup Code on this page.
In the event that you lose the device you used for 2FA authentication this code will be used to login to your account. Write down this backup code somewhere safe to you and that you will have access to.