Setup Two-Factor Authentication
Useful How-To video available here: https://www.rootshellsecurity.net/how-to-videos/
Initial Setup
Once you have created your password and logged in through the initial login screen, you will be prompted to set up two-factor authentication (also known as ‘2FA’).
IMPORTANT NOTE: It is essential that the time on your mobile device is accurate.
An inaccurate time on a mobile device will cause authenticator app(s) to generate incorrect codes.
→ It is recommended your mobile device is configured to receive time automatically ←
Android-based Devices - Android OS
iOS-based devices - Apple iOS
This is a security step to ensure your account is protected beyond just an email and password. Once the 2FA registration process is complete, each time you log in to the platform you will be asked to enter the 2FA code after you’ve provided a valid email address and password.
To use 2FA you’ll first need to download an authenticator app to your smartphone from the App Store (iOS) or Google Play (Android). The authenticator app provides you with a one-time 2FA passcode each time you log in.
It’s free and quick to set up an authenticator app for your smartphone. The platform has been tested to work with the following 2FA authenticator apps:
Twilio Authy
LastPass Authenticator - please note this is a separate app from ‘LastPass’, which is a password manager
Google Authenticator
Microsoft Authenticator
Once you have downloaded and installed your chosen authenticator app, follow the steps below:
Step 1: Scan the QR code presented to you in the Platform. Most authenticator apps on both iOS and Android smartphones will allow you to take a picture of the QR code shown on the screen by the platform. After you have created the MFA account on your smartphone’s authenticator app, select ‘Confirm Setup’ in the Platform (see below screenshot).
Step 2: Next, you are presented with a Backup Code. Please note this code down safely and securely. You will need this code should you ever lose access to your authenticator app (e.g. you lost your phone or you accidentally deleted the 2FA account). Once you’ve noted the Backup Code, select ‘Confirm Setup’ (see below screenshot).
IMPORTANT: Without a 2FA Backup Code, you will need to contact your platform administrator to have your 2FA account reset. Therefore please ensure you store this code safely and securely.
Step 3: Next, you are asked to enter the 6-digit code from your smartphone’s authenticator app. The code in your app will change every 60 seconds (see below).
NOTE: You will need to enter a 6-digit code from your smartphone’s authenticator app each time you want to log into the platform.
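Why the device clock matters for the 6-digit code (an added example, not part of the original guide and not the platform's own code): the sketch below computes time-based codes and shows which phone clock offsets still produce a code the server accepts. It assumes the platform uses standard TOTP (RFC 6238), which the authenticator apps listed above implement; the secret, the server time and the tolerance window are constructed for illustration.

```python
import hashlib
import hmac
import struct

PERIOD = 60  # seconds per code, as stated in Step 3 above
DIGITS = 6   # code length, as stated in Step 3 above
SECRET = b"12345678901234567890"  # constructed: the RFC 4226 test key, not a real secret


def totp(secret: bytes, unix_time: int, period: int = PERIOD, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): HOTP computed over the time-step counter."""
    counter = int(unix_time) // period
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, code: str, server_time: int, window: int = 0) -> bool:
    """Accept the current step's code plus `window` steps either side.

    The tolerance window is an assumption; the page does not state the platform's.
    """
    for step in range(-window, window + 1):
        expected = totp(secret, server_time + step * PERIOD)
        if hmac.compare_digest(expected, code):
            return True
    return False


def drift_report(server_time: int, phone_offsets=(0, 20, 90, -150)):
    """Return (offset, code, accepted_strict, accepted_window_1) per phone clock offset."""
    rows = []
    for off in phone_offsets:
        code = totp(SECRET, server_time + off)  # what the phone would display
        rows.append((off, code,
                     verify(SECRET, code, server_time),
                     verify(SECRET, code, server_time, window=1)))
    return rows


if __name__ == "__main__":
    # Constructed server time (t=300s) so the codes match published RFC 4226 vectors.
    for off, code, strict, lenient in drift_report(300):
        print(f"phone clock {off:+5d}s  code {code}  exact={strict}  +/-1 step={lenient}")
```

A phone that is 20 seconds off still lands in the same 60-second step here, one that is 90 seconds fast is accepted only if the server tolerates a neighbouring step, and one that is 150 seconds slow is rejected either way.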
Reset Your 2FA
If you ever need to reset your two-factor authentication, perhaps because you’ve deleted the 2FA account on your smartphone’s authenticator app, or you’ve lost your smartphone, you can follow these steps to reset your 2FA.
Step 1: You must first log into the platform with your valid email address and password before you have the option to ‘Reset 2FA’ (see below)
Step 2: When asked for your authentication code, select the ‘Reset 2FA’ option instead. (see below)
Step 3: Enter your Backup Code when asked. This is the Backup Code you should have recorded during initial account setup, as described above in Step 2 under Initial Setup (see below)
NOTE: If you have lost your 2FA Backup Code, you will need to contact your platform administrator to have your 2FA account reset.
Step 4: If your Backup Code is accepted, you can now create a new 2FA account on your smartphone’s authenticator app. From this point, you can follow from Step 1 under Initial Setup.