How do I use two-factor authentication (2FA)?

In this article you will learn how to activate and successfully use two-factor authentication to increase the security of your account.


Content:

Note: You are an administrator and would like to know how to manage 2FA on your Flexopus instance? You can find more information here!

What is 2FA?

Two-factor authentication (2FA), often also called two-factor authentification, refers to the proof of identity of a user by means of a combination of two different and, in particular, independent components (factors). Typical examples are in web applications after a password and email combination (first factor):

  • PIN entry sent by SMS
  • PIN entry sent by E-Mail
  • TOTP process

TOTP process
Users install an app on their mobile device that is used for two-factor authentication for one or more web-based services. Then a web-based service can be protected by two-factor authentication by registering the app with the service as a second factor. To do this, the security server of the service and the end device exchange a string as a secret or token - e.g. by scanning a QR code with the mobile device or manually typing in a corresponding string displayed by the security server. After this first step, the secret is ideally only known to the security server and the user's personal device and should never leave this medium. After a functional test, the web service activates the two-factor authentication for the user account.

TOTP usage
If the user now wants to use the web-based service, he or she is prompted - after entering his or her user name and password - to enter a one-time password generated by the app as a second factor for authentication.

There are several apps for two-factor authentication via TOTP:
Google Authenticator, Microsoft Authenticator, andOTP, FreeOTP, FreeOTP+, etc...

2FA (two-factor authentication) is often also called MFA (multi-factor authentication). 

How can I set up 2FA as a user?

Basically, users can set up TOTP 2FA through 2 ways:

  • While the login process
    If a user is required to use 2FA, then the setup of 2FA will be offered by the Flexopus during the next possible login attempt.
  • In the Profile Settings
    If a user wants to set or change the 2FA settings individually, he or she can set this up in the profile settings in just a few steps.

Follow the steps below to set up 2FA:

It is best to set up 2FA on your PC. If you need to set up 2FA during the login process, follow the instructions from step 3.

  1. Open your Flexopus profile settings by clicking on My Profile > Settings on the left sidebar and select the "Two-factor" tab. To activate 2-factor authentication, click on the "Enable" button (see screenshot below).
  2. As soon as you have completed step 1, a pop-up window will appear on your screen (see the following screenshot). Enter your personal Flexopus user password in the input field and confirm your entry afterwards.


  3. Next, a new pop-up window appears with a QR code (see screenshot). 
    1. Now open any authenticator app on your smartphone.
      Note: If you do not yet have a 2FA authenticator app installed on your smartphone, download it now. We recommend the Authenticator app from Google.  
    2. Then scan the QR code on your computer screen. 
      Alternatively, you can also link the Authenticator app with a token.
    3. A 6-digit code is then displayed in your Authenticator app, which is valid for 30 or 60 seconds. After this time, a new code will be generated. Enter the displayed 6-digit code in the input window in the pop-up window and then confirm it.
  4. Your configuration is now complete. Each time you log in to your Flexopus account, you will need the 6-digit code. To do this, simply open the Authenticator app and enter the newly generated code.


TIP: Recovery codes are also generated in the last configuration step. You can save these codes as a file. The recovery codes are regenerated after each configuration. You can use these codes if you can no longer log in and need to reconfigure the 2FA.

R0096