...
| Tip | ||
|---|---|---|
| ||
Ask your local IT service desk if they can enable two-factor authentication on their side. This way it can be used for institutional accounts that log in via SURFconext. |
Contents
Make sure to follow all the steps below to make sure you will always be able to log in to Research Drive when you have enabled two-factor authentication.
| Table of Contents | ||
|---|---|---|
|
Configuration
In order to enable two-factor authentication with TOTP, several steps need to be taken for configuration.
Download an authenticator app from your app store
A special TOTP app is required to enable authentication using your phone. Go to you App Store or Play Store to download an app with the required capability. Good examples are Google Authenticator or Microsoft Authenticator, but generally any authenticator app will suffice.
Enabling the app
After logging in to Research Drive, go to the 'Settings' page via the top-right menu and click on 'Security' in the left-side menu. On the top of the page you will now see the 'TOTP Second-factor Auth' section. Check the 'Activate TOTP' option to enable the 2FA app of Research Drive.
Locate the QR code
A QR code will be shown on your screen which includes information to set up the TOTP authentication step.
Scan the QR code
Open your authenticator app on your phone and locate the add account button (e.g. a '+' button). This will open a barcode scanner which allows to scan the QR code on your computer screen. Once successfully scanned, the account is automatically added to your authenticator app on your phone.
Verify your authenticator password code
In the same Research Drive settings screen, fill in the code shown in your phone app in the 'Authentication code' text field and click 'Verify'. You now have successfully enabled two-factor authentication for your account.
| Warning | ||
|---|---|---|
| ||
After verification two-factor authentication is active and is required during log in. Without the second factor you will not be able to get into Research Drive. Make sure you have your app ready when using Research Drive and have backup code available in case something goes wrong. |
Generate backup codes
In case your phone gets lost, the authenticator app malfunctions or your account in the phone app was deleted, you will no longer be able to log in to Research Drive. To avoid being locked out, some backup codes can be generated that will allow access and reset your 2FA setup in Research Drive. Click on the 'Generate codes' in the 'Second-factor backup codes' section in the settings overview in Research Drive.
Store your backup codes somewhere safe
The generated codes can be copied and should be stored somewhere safe, on a different machine, phone or in your credential storage application. Simply select the codes and copy them to your clipboard.
Authentication using 2FA
| Tip | ||
|---|---|---|
| ||
This will only work for local accounts. For institutional (SURFconext) accounts contact your local IT service desk to see the possibilities. |
Now that you have set up two-factor authentication and generated and stored your backup codes you are ready to log in. After entering your user name and password, you will be ask to either enter backup codes or to authenticate using your authenticator (TOTP) app.
Authenticate using your authenticator app
Open your authenticator app and locate the code for the corresponding Research Drive account. Fill in the code in the text field in your browser.
Authenticate using a backup code
In case you no longer have access to the authenticator app and/or the corresponding account, you can use a backup code you have stored somewhere safe. Fill in a code in the text field in your browser.
...
| Note | ||
|---|---|---|
| ||
Please note that a backup code can only be used once! |
Disabling two-factor authentication
To disable two-factor authentication and make sure you can log in solely using your user name and password, go to the 'Settings' page via the top-right menu and click on 'Security' in the left-side menu. On the top of the page you will see the 'TOTP Second-factor Auth' section. Uncheck the 'Activate TOTP' option to disable two-factor authentication.
...