OPAS and Gift-Aid:Admin Manual/Two Factor Authentication: Difference between revisions
Added screenshots for Microsoft Authenticator app |
Added Remember Device section |
||
| (4 intermediate revisions by the same user not shown) | |||
| Line 21: | Line 21: | ||
* Regenerate your 2FA recovery codes | * Regenerate your 2FA recovery codes | ||
Please click <code>Enable Two Factor Authentication</code>. | Please click <code>Enable Two Factor Authentication</code>:<br>[[File:2fa_step_1.png]] | ||
In this popup there will be a QR code (image on the left of the popup) which you can use to register your Authenticator app with your OPAS account. | A popup will appear. In this popup there will be a QR code (image on the left of the popup) which you can use to register your Authenticator app with your OPAS account:<br>[[File:2fa_step_2.png]] | ||
=== | === Add OPAS to your Authenticator App === | ||
There are many Authenticator apps available for mobile but we suggest '''Google Authenticator''' or '''Microsoft Authenticator''': | There are many Authenticator apps available for mobile but we suggest '''Google Authenticator''' or '''Microsoft Authenticator''': | ||
==== Google Authenticator ==== | ==== Google Authenticator ==== | ||
'''1. Install the Google Authenticator app:'''<br>[[File:GooglePlay.png|link=https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2]][[File:AppleStore.png|link=https://apps.apple.com/us/app/google-authenticator/id388497605]] | |||
'''2. Click the <code>+</code> (plus) button on the bottom-right corner:'''<br>[[File:Google_Authenticator_step_1.png]] | |||
'''3. Choose <code>Scan a QR code</code>:'''<br>[[File:Google_Authenticator_step_2.png]] | |||
'''4. The camera will be turned on, focus and frame the QR code on your screen with your phone camera''' | |||
'''5. A code will appear on the app, with the name <code>OPAS Authentication</code>'''<br>[[File:Google_Authenticator_step_3.png]] | |||
==== Microsoft Authenticator ==== | ==== Microsoft Authenticator ==== | ||
'''1. Install the Microsoft Authenticator App:'''<br>[[File:GooglePlay.png|link=https://play.google.com/store/apps/details?id=com.azure.authenticator]][[File:AppleStore.png|link=https://apps.apple.com/us/app/microsoft-authenticator/id983156458]] | |||
'''2. Click the QR icon button on the bottom-right corner:'''<br>[[File:Microsoft_Authenticator_step_1.png]] | |||
'''3. The camera will be turned on, focus and frame the QR code on your screen with your phone camera''' | |||
'''4. <code>OPAS Authentication</code> will appear on the app. If you click that name, you will see a code:'''<br>[[File:Microsoft_Authenticator_step_2.png]] [[File:Microsoft_Authenticator_step_3.png]] | |||
This <code>OPAS Authentication</code> code is a 6-digit numeric code which is renewed every minute, as indicated by the timer next to it. | This <code>OPAS Authentication</code> code is a 6-digit numeric code which is renewed every minute, as indicated by the timer next to it. | ||
=== | === Enter an Authenticator code === | ||
On the right of the popup is a field to enter one of these 6-digit numeric codes. You must enter the code as it appears on your Authenticator app and click <code>Confirm</code>. | On the right of the popup is a field to enter one of these 6-digit numeric codes. You must enter the code as it appears on your Authenticator app and click <code>Confirm</code>:<br>[[File:2fa_step_3.png]]<blockquote>'''Note: Please make sure you enter the code within the time period. If it ends, a new code will appear and you must enter this instead.'''</blockquote>If you entered the code correctly, you will have a confirmation on the popup that Two Factor Authentication has been enabled:<br>[[File:2fa_step_4.png]] | ||
=== Save your Recovery Codes === | |||
You will also see your recovery codes. These are 8 codes which you can use as an alternative, when you cannot access your Authenticator app codes. Please keep these in a safe place. There are options for copying the codes to the clipboard, print or download them onto a text file.<blockquote>'''Note: all recovery codes are single-use. Please erase any recovery codes you use for logging-in'''</blockquote> | |||
== How to log-in with 2FA == | |||
You still need to enter you email and password as usual. If you have 2FA enabled, you will be presented with a new screen where you need to enter a code from your Authenticator app:<br>[[File:2fa_step_5.png]]<blockquote> | |||
You | |||
'''Note: | '''Note: Please make sure you enter the code within the time period. If it ends, a new code will appear and you must enter this instead.'''</blockquote> | ||
If you do not have access to the Authenticator app at that moment, please click <code>Use a recovery code</code>. On this screen you can enter one of your recovery codes:<br>[[File:2fa_step_6.png]]<blockquote>'''Note: all recovery codes are single-use. Please erase any recovery codes you use for logging-in'''</blockquote> | |||
To go back to using an Authenticator app code, please click <code>Use a code from your authenticator app</code>. | |||
== Remembering Your Device == | |||
During login you can tick the <code>Remember me on this device for 30 days</code> checkbox so you do not need to enter a 2FA code on the browser you are using. | |||
If you would like OPAS to forget your browser, or all browsers you set to remember, click the relevant link on the 2FA box in your profile page:<br>[[File:2fa_step_7.png]] | |||
Latest revision as of 10:24, 23 January 2025
What is Two Factor Authentication?
Two factor authentication (2FA) is a security method that requires two forms of identification to access data and resources. It's also known as multi-factor authentication (MFA) or 2-step verification (2SV).
2FA adds an extra layer of security to your accounts, making it harder for cybercriminals to access your data. It's available on most major online services, including banking, email, and social media.
How does 2FA work?
- You provide your email and password to log in
- You receive a code via an Authenticator app on your mobile
- You enter the code to verify your identity
- Should you not have access to your mobile at the time, you enter one of your recovery codes
How to enable 2FA?
2FA can be enabled in your profile page, which you can access by clicking you name on the top-right corner of OPAS
At the bottom of your profile page, you will see the Two Factor Authentication box where you can:
- Enable 2FA
- Disable 2FA
- Regenerate your 2FA recovery codes
Please click Enable Two Factor Authentication:
A popup will appear. In this popup there will be a QR code (image on the left of the popup) which you can use to register your Authenticator app with your OPAS account:
Add OPAS to your Authenticator App
There are many Authenticator apps available for mobile but we suggest Google Authenticator or Microsoft Authenticator:
Google Authenticator
1. Install the Google Authenticator app:
2. Click the + (plus) button on the bottom-right corner:
3. Choose Scan a QR code:
4. The camera will be turned on, focus and frame the QR code on your screen with your phone camera
5. A code will appear on the app, with the name OPAS Authentication
Microsoft Authenticator
1. Install the Microsoft Authenticator App:
2. Click the QR icon button on the bottom-right corner:
3. The camera will be turned on, focus and frame the QR code on your screen with your phone camera
4. OPAS Authentication will appear on the app. If you click that name, you will see a code:
This OPAS Authentication code is a 6-digit numeric code which is renewed every minute, as indicated by the timer next to it.
Enter an Authenticator code
On the right of the popup is a field to enter one of these 6-digit numeric codes. You must enter the code as it appears on your Authenticator app and click Confirm:
Note: Please make sure you enter the code within the time period. If it ends, a new code will appear and you must enter this instead.
If you entered the code correctly, you will have a confirmation on the popup that Two Factor Authentication has been enabled:
Save your Recovery Codes
You will also see your recovery codes. These are 8 codes which you can use as an alternative, when you cannot access your Authenticator app codes. Please keep these in a safe place. There are options for copying the codes to the clipboard, print or download them onto a text file.
Note: all recovery codes are single-use. Please erase any recovery codes you use for logging-in
How to log-in with 2FA
You still need to enter you email and password as usual. If you have 2FA enabled, you will be presented with a new screen where you need to enter a code from your Authenticator app:
Note: Please make sure you enter the code within the time period. If it ends, a new code will appear and you must enter this instead.
If you do not have access to the Authenticator app at that moment, please click Use a recovery code. On this screen you can enter one of your recovery codes:
Note: all recovery codes are single-use. Please erase any recovery codes you use for logging-in
To go back to using an Authenticator app code, please click Use a code from your authenticator app.
Remembering Your Device
During login you can tick the Remember me on this device for 30 days checkbox so you do not need to enter a 2FA code on the browser you are using.
If you would like OPAS to forget your browser, or all browsers you set to remember, click the relevant link on the 2FA box in your profile page: