Two-factor authentication (2fa) provides a method of identification that is more secure than traditional passwords. This increase in security is gained by requiring two separate pieces of identification to access an account: a user-known traditional password plus a second method of identification. ThreatSTOP has decided to use a time-based one-time password for our second method. To do this at the time the 2fa is setup, a QR code is generated and displayed on your screen. You can then use the Google Authenticator app on your phone (Android, Blackberry or iPhone) to scan it. This will automatically add 2fa to your Google Authenticator app and will provide a code to verify a successful setup.
The following will be needed to setup two-factor authentication with ThreatSTOP’s servers:
- An active ThreatSTOP account
- A smartphone with Google Authenticator installed and associated with your Google Account.
The steps below are written from the perspective of having already logged into your ThreatSTOP account on the portal. The installation steps for smartphones vary slightly between Android and iOS, this guide will cover both.
- Click on My Account.
- Check the box next Use Time Based One Time Password under the Two Factor Authentication section. A pop-up containing a QR code will appear. The following steps will need to be performed on your cellphone.
Setup Steps for Android Devices
- Launch Google Authenticator.
- Tap the three dots in the upper right portion of the screen to open the menu.
- Then tap on Set up account.
- Under Manually add an accounttap Scan a barcode.
- Scan the QR code on your screen, this will add an entry to your Google Authenticator app under the heading ThreatSTOP, this will present a randomly generated number that is replaced every 60 seconds.
Setup Steps for iOS devices
- Launch Google Authenticator
- Tap the plus (+) icon at the top of the display.
Select Scan barcode as your method of entry
Scan the QR code on your screen, this will add an entry to your Google Authenticator app under the heading ThreatSTOP, this will present a randomly generated number that is replaced every 60 seconds.
Last Step (Back to the Portal)
- To finish synchronizing with your device, enter the code on your phone into the Enter your code field in the user portal and click Verify. This will synchronize your two factor device with ThreatSTOP’s servers.
- You will want to verify everything has been setup by following the instructions in Testing Your Two-factor Authentication.
Testing Your Two-factor Authentication
Verifying your two-factor authentication is working is as simple as logging out of your account, and logging back in. After entering your password you’ll be presented with a new Verification code entry box. Simply enter the code from the Google Authenticator app on your phone and you’ll be taken into the user portal as normal.
What if I lose my device? Or the synchronization fails?
If you are lost your device configured with the Two-Factor authentication key, click the Lost your second factor device? link from the verification code screen and a one-time use password will be sent to the email associated with your account. This will allow you to sign-in once and reconfigure a new 2FA device.