Two-factor authentication

Strengthening authentication.

1. Explanation: Understanding 2FA

This section explains the concepts behind authentication and why a second layer of security is necessary.

Authentication vs. authorization

  • Authentication verifies who you are.
  • Authorization determines what resources you can access after your identity is confirmed.

Why use 2FA?

Standard password-based authentication is vulnerable to brute-force attacks, phishing, and man-in-the-middle exploits. Two-Factor Authentication (2FA) is a type of Multi-Factor Authentication (MFA) that requires two different types of evidence to grant access. These factors usually fall into three categories:

  1. Something you know: A password or PIN.
  2. Something you have: A smartphone or a secure USB key.
  3. Something you are: Biometrics like fingerprints or facial recognition.

By requiring a physical device (something you have) in addition to a password, 2FA ensures that even if an attacker steals your credentials, they cannot access your account without your secondary device.


2. Tutorial: Set up your first authenticator

Follow these steps to set up 2FA for the first time using a mobile application.

  1. Download an app: Install either FreeOTP or Google Authenticator from your mobile device's app store.
  2. Log in: Access your account on your computer. If 2FA has been enabled for your account by an admin, you will be prompted with a setup screen.
  3. Scan the QR code: Open your chosen authenticator app, select the option to "Add a code" (usually a + icon), and point your camera at the QR code displayed on your computer screen.
  4. Verify the code: The app will generate a 6-digit code. Type this code into the login screen on your computer and click Submit.
  5. Success: Your account is now linked to your mobile device.

3. How-to guides: Managing 2FA

Practical steps for administrative and configuration tasks.

How to enable 2FA for a user (Admin)

If you have administrative privileges, you can enforce 2FA for specific users:

  1. Click the drop-up menu at the bottom-left corner (your profile name).
  2. Select Users from the menu.
  3. Locate the specific user in the list.
  4. Click the kebab menu (three vertical dots) next to the user's name.
  5. Select Enable Two-Factor Authentication.
  6. Click OK on the confirmation prompt.

How to manually configure an app

If your camera cannot scan the QR code, you can enter the details manually in your authenticator app using the parameters found in the Reference section below.


4. Reference: Technical specifications

Detailed technical data for manual configuration and app comparison.

Supported authenticator apps

App                   Developer  License      Platform
FreeOTP               Red Hat    Open Source  Android, iOS
Google Authenticator  Google     Proprietary  Android, iOS

TOTP configuration parameters

If manual entry is required, use the following Time-Based One-Time Password (TOTP) settings:

  • Type: Time-based
  • Algorithm: SHA1
  • Digits: 6
  • Interval: 30 seconds
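
To see what these four settings control, the following added example (not code from this product) computes and checks a TOTP code as specified in RFC 6238, using SHA1, 6 digits and a 30-second interval. The base32 secret key, the function names and the one-step clock-drift window are assumptions made for illustration; the sample secret is the published RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct

# Settings from the parameter list above.
ALGORITHM = hashlib.sha1
DIGITS = 6
INTERVAL = 30  # seconds

# Constructed sample: base32 of the RFC 6238 test key "12345678901234567890".
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def decode_secret(secret_b32: str) -> bytes:
    """Decode a hand-typed base32 secret (spaces, lower case, missing padding)."""
    cleaned = secret_b32.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore stripped padding
    return base64.b32decode(cleaned)


def totp(secret_b32: str, unix_time: float) -> str:
    """Return the code for the 30-second step that contains unix_time."""
    counter = int(unix_time) // INTERVAL
    mac = hmac.new(decode_secret(secret_b32), struct.pack(">Q", counter), ALGORITHM).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)  # keep leading zeros


def verify(secret_b32: str, submitted: str, unix_time: float, drift_steps: int = 1) -> bool:
    """Accept the current step plus drift_steps on either side (assumed skew policy)."""
    ok = False
    for step in range(-drift_steps, drift_steps + 1):
        t = unix_time + step * INTERVAL
        if t < 0:
            continue
        expected = totp(secret_b32, t)
        # Constant-time compare, no early exit, so timing does not reveal a match.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok
```

A server-side check should also reject a code that has already been accepted for the same step, since a code stays valid for the whole drift window.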