Two-Factor Authentication Guide

Complete guide to configuring and using two-factor authentication (2FA) for enhanced account security.

Table of Contents

  1. 2FA Overview
  2. Authentication Methods
  3. Setting Up 2FA
  4. Managing Trusted Devices
  5. Using Backup Codes
  6. Troubleshooting

2FA Overview

What is Two-Factor Authentication?

Two-factor authentication (2FA) adds an extra layer of security to your account by requiring two forms of verification:

  1. Something you know: Your password
  2. Something you have: A code from an authenticator app, SMS, or email, or one of your backup codes

Why Enable 2FA?

  • Enhanced Security: Even if someone obtains your password, they cannot access your account without the second factor
  • Protection from Unauthorized Access: Your account remains secure even if your password is compromised
  • Compliance: Many security standards require 2FA for sensitive systems
  • Peace of Mind: Know your account is protected with industry-standard security

Recommended Configuration

For maximum security, enable at least two of the following methods:

  1. Authenticator App (TOTP) - Primary method
  2. Backup Codes - For emergency recovery
  3. SMS or Email - Secondary option

Authentication Methods

Authenticator App (Recommended)

Best for: Daily use, most secure option

Authenticator apps generate time-based codes that change every 30 seconds. Recommended apps:

  • Google Authenticator (iOS, Android)
  • Microsoft Authenticator (iOS, Android)
  • Authy (iOS, Android, desktop)
  • 1Password (built-in authenticator)

Benefits:

  • Works offline
  • No reliance on phone service or email
  • Most secure option
  • Fast code generation

Setup Process:

  1. Select "Authenticator App" from 2FA settings
  2. Scan the QR code with your authenticator app
  3. Enter the 6-digit code to verify
  4. 2FA is now enabled

SMS Verification

Best for: Users who prefer text messages

Benefits:

  • No app installation required
  • Codes sent directly to your phone
  • Familiar process

Setup Process:

  1. Select "SMS Verification" from 2FA settings
  2. Enter your phone number and country code
  3. Enter the verification code sent to your phone
  4. SMS 2FA is now enabled

Requirements:

  • Mobile phone with SMS capability
  • Phone service coverage

Email Verification

Best for: Backup method or users without mobile phones

Benefits:

  • No additional setup required
  • Uses your account email
  • Reliable backup option

Setup Process:

  1. Select "Email Verification" from 2FA settings
  2. Click "Send verification code"
  3. Enter the code sent to your account email
  4. Email 2FA is now enabled

Backup Codes

Best for: Emergency recovery, required for account recovery

Benefits:

  • Works without phone or internet
  • Store offline for emergencies
  • Each code can be used once

Setup Process:

  1. Select "Backup Codes" from 2FA settings
  2. Generate and display 10 random codes
  3. Important: Save codes in a secure location
  4. Codes cannot be recovered - regenerate if lost

Setting Up 2FA

First-Time Setup

  1. Navigate to Settings

    • Go to /settings/two-factor
    • Ensure you're logged into your account
  2. Choose Your Primary Method

    • Authenticator App (recommended)
    • SMS Verification
    • Email Verification
  3. Configure Your Method

    • Follow the prompts for your chosen method
    • Enter verification code to confirm
  4. Generate Backup Codes

    • Always generate backup codes after setting up 2FA
    • Store them securely (password manager, safe, etc.)
  5. Setup Complete

    • Your account now has enhanced security
    • You'll be prompted for 2FA on each login

Login Process with 2FA

  1. Enter your email and password
  2. Select your 2FA method (if multiple are configured)
  3. Enter the verification code
  4. Optionally check "Remember this device for 30 days"

Remembering Devices

For convenience, you can trust a device to skip 2FA for 30 days:

  1. Check "Remember this device" during login
  2. A secure cookie is stored on your browser
  3. 2FA is skipped for future logins on that device
  4. After 30 days, you'll be prompted again

Security Note: Only trust personal devices. Don't trust shared or public computers.

Managing Trusted Devices

Viewing Trusted Devices

  1. Go to /settings/two-factor
  2. Scroll to "Trusted Devices" section
  3. View all devices that can skip 2FA

Removing a Trusted Device

  1. Find the device you want to remove
  2. Click the trash icon
  3. Confirm removal
  4. The device will require 2FA on next login

Removing All Trusted Devices

Use this option if you suspect unauthorized access:

  1. Click "Remove all" in the Trusted Devices section
  2. Confirm the action
  3. All devices will require 2FA on next login
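
How a service could implement the remembered-device cookie and the removal options described above, as an added example (not this product's own code). The cookie name, the `TrustedDevices` class and its method names are hypothetical; only the 30-day lifetime comes from this guide.

```python
import hashlib
import secrets
from http.cookies import SimpleCookie

TRUST_SECONDS = 30 * 24 * 3600  # this guide: a device is remembered for 30 days
COOKIE_NAME = "trusted_device"  # hypothetical cookie name


def _key(token: str) -> str:
    # Only a hash of the token is kept, so a leaked table cannot mint cookies.
    return hashlib.sha256(token.encode()).hexdigest()


class TrustedDevices:
    """Hypothetical per-account list of devices allowed to skip 2FA."""

    def __init__(self):
        self._devices = {}  # sha256(token) -> (label, expires_at)

    def remember(self, label: str, now: int) -> str:
        """Register a device and return the Set-Cookie value for its browser."""
        token = secrets.token_urlsafe(32)  # random, carries no account data
        self._devices[_key(token)] = (label, now + TRUST_SECONDS)
        jar = SimpleCookie()
        jar[COOKIE_NAME] = token
        attrs = {"max-age": TRUST_SECONDS, "path": "/", "secure": True,
                 "httponly": True, "samesite": "Strict"}
        for name, value in attrs.items():
            jar[COOKIE_NAME][name] = value
        return jar[COOKIE_NAME].OutputString()

    def can_skip_2fa(self, cookie_header: str, now: int) -> bool:
        """True only for a known, unexpired, unrevoked device token."""
        jar = SimpleCookie(cookie_header)
        if COOKIE_NAME not in jar:
            return False
        key = _key(jar[COOKIE_NAME].value)
        record = self._devices.get(key)
        if record is None or now >= record[1]:
            self._devices.pop(key, None)  # expired entries are dropped
            return False
        return True

    def remove(self, label: str) -> None:
        self._devices = {k: v for k, v in self._devices.items() if v[0] != label}

    def remove_all(self) -> None:
        self._devices.clear()  # every browser must pass 2FA again
```

Because trust is checked against the server-side record, removing a device takes effect even though the cookie still exists in that browser.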

Using Backup Codes

When to Use Backup Codes

Use backup codes when:

  • You don't have access to your authenticator app
  • Your phone is unavailable or has no service
  • You can't receive SMS or email codes
  • You're locked out of your primary 2FA method

How to Use Backup Codes

  1. During login, select "Backup Code" as your 2FA method
  2. Enter one of your saved backup codes
  3. Each code can only be used once
  4. After using a code, regenerate new ones

Regenerating Backup Codes

If you've used some codes or lost them:

  1. Go to /settings/two-factor
  2. Find "Backup Codes" in configured methods
  3. Click "Regenerate"
  4. Warning: Old codes will be invalidated
  5. Save new codes in a secure location
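
The backup-code rules in this guide (10 codes, each usable once, old codes invalidated on regeneration, codes not recoverable) expressed as server-side logic in an added example, not this product's own code. The `BackupCodes` class, the code format and the choice to store only SHA-256 hashes are assumptions.

```python
import hashlib
import secrets

CODE_COUNT = 10  # this guide: 10 codes per set
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # assumed: no look-alike characters


def _digest(code: str) -> bytes:
    # Normalise what the user typed, then hash. The codes are random and
    # about 50 bits long, so a plain hash is used here rather than a slow KDF.
    return hashlib.sha256(code.replace("-", "").upper().encode()).digest()


class BackupCodes:
    """Hypothetical store for one account's backup codes."""

    def __init__(self):
        self._hashes = set()

    def regenerate(self) -> list:
        """Replace the whole set; the plaintext codes are returned only once."""
        codes = []
        for _ in range(CODE_COUNT):
            raw = "".join(secrets.choice(ALPHABET) for _ in range(10))
            codes.append(raw[:5] + "-" + raw[5:])
        # Overwriting the set is what invalidates every older code.
        self._hashes = {_digest(code) for code in codes}
        return codes

    def redeem(self, code: str) -> bool:
        """Accept a valid code and consume it so it cannot be replayed."""
        candidate = _digest(code)
        if candidate in self._hashes:
            self._hashes.remove(candidate)
            return True
        return False

    def remaining(self) -> int:
        return len(self._hashes)


if __name__ == "__main__":
    store = BackupCodes()
    first_set = store.regenerate()
    print(store.redeem(first_set[0]), store.redeem(first_set[0]), store.remaining())
```

Since only hashes are stored, the service cannot show existing codes again, which matches the guide's instruction to regenerate when codes are lost.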

Best Practices for Backup Codes

  • Store securely: Use a password manager or physical safe
  • Don't reuse codes: Each code is single-use
  • Regenerate after use: Generate new codes after using any
  • Keep accessible: Store them where you can reach them in an emergency
  • Don't share: Never share your backup codes

Troubleshooting

Can't Receive SMS Codes

Possible causes:

  • Incorrect phone number
  • No cellular service
  • Carrier blocking short codes

Solutions:

  • Verify your phone number in settings
  • Use a different 2FA method (authenticator app, email)
  • Check with your carrier about short code blocking

Authenticator App Codes Not Working

Possible causes:

  • Time sync issue on your device
  • Incorrect code entry
  • Wrong authenticator app

Solutions:

  • Check that your device's time is set to automatic
  • Ensure you're entering the code before it expires (30 seconds)
  • Try a different authenticator app
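
Why clock drift breaks authenticator codes: an added example (not this product's code) that computes 30-second, 6-digit codes as specified in RFC 6238 and checks them the way a server would. The `window` tolerance and the function names are assumptions; the guide does not say how much drift the service accepts.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid for (from this guide)
DIGITS = 6   # code length (from this guide)


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 code (HMAC-SHA1) for the 30-second step containing unix_time."""
    counter = struct.pack(">Q", unix_time // STEP)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret: bytes, code: str, server_time: int, window: int = 1) -> bool:
    """Accept the current step plus `window` steps either side (assumed policy)."""
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret, server_time + drift * STEP)
        # Constant-time compare; keep looping so timing does not reveal the step.
        ok |= hmac.compare_digest(expected.encode(), code.encode())
    return ok


# Constructed sample: the published RFC 6238 test secret, not a real account.
SECRET = b"12345678901234567890"
SERVER_TIME = 1111111111       # server clock
PHONE_TIME = SERVER_TIME - 2   # phone is 2 s slow, just across a step boundary


def demo() -> dict:
    phone_code = totp(SECRET, PHONE_TIME)
    stale_code = totp(SECRET, SERVER_TIME - 600)  # phone clock 10 minutes slow
    return {
        "phone_code": phone_code,
        "accepted_with_window_1": verify(SECRET, phone_code, SERVER_TIME),
        "accepted_with_window_0": verify(SECRET, phone_code, SERVER_TIME, window=0),
        "accepted_10_min_slow": verify(SECRET, stale_code, SERVER_TIME),
    }


if __name__ == "__main__":
    print(demo())
```

A small tolerance absorbs a few seconds of drift, but a phone whose clock is minutes off produces codes for a step the server no longer checks, which is why setting the time to automatic fixes the problem.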

Lost Access to All 2FA Methods

If you've lost access to all your 2FA methods:

  1. Contact Support: Reach out to your agency administrator
  2. Account Recovery: Admins can disable 2FA to allow account access
  3. Set Up 2FA Again: After recovery, reconfigure 2FA methods

Account Locked Due to Failed Attempts

After multiple failed 2FA attempts, your account may be temporarily locked:

  1. Wait 15 minutes for the lockout to expire
  2. Try again with the correct code
  3. If the problem persists, contact support

Codes Not Arriving in Email

Possible causes:

  • Email in spam folder
  • Email service delay
  • Incorrect email address

Solutions:

  • Check spam/junk folder
  • Wait up to 5 minutes for delivery
  • Verify account email is correct

Security Best Practices

  1. Enable Multiple Methods: Use at least two 2FA methods
  2. Save Backup Codes: Always generate and save backup codes
  3. Test Your Setup: Verify 2FA works before relying on it
  4. Keep Codes Secure: Never share your verification codes
  5. Update Methods: Regularly review and update 2FA settings
  6. Monitor Trusted Devices: Periodically review and remove unknown devices
