Two-factor authentication

Two-factor authentication provides extra protection from unauthorized access to your account. When two-factor authentication is set up, you are required to enter your password (the first factor) and a one-time code (the second factor) to log in to the service console. The one-time code is generated by a special application that must be installed on your mobile phone or another device that belongs to you. Even if someone finds out your login and password, they still will not be able to login without access to your second-factor device.

The one-time code to configure two-factor authentication for your account is generated based on the device's current time and the secret provided by the Cyber Protection service as the QR code or alphanumeric code. During the first login, you need to enter this secret to the authentication application.

To set up two-factor authentication for your account

You can and must configure two-factor authentication for your account when two-factor authentication has been enabled by an administrator for your organization. If two-factor authentication has been enabled while you are logged in to the Cyber Protection service console, you will have to configure it when your current session expires.

Prerequisites:

• Two-factor authentication is enabled for your organization.

• You are logged out of the Cyber Protection service console.

1. Choose a second-factor device.

   Most commonly it is a mobile phone, but you can also use a tablet, laptop, or desktop.

2. Ensure that the device time settings are correct and reflect the actual current time, and that the device locks itself after a period of inactivity.

3. Install the authentication application on the device. The recommended applications are Google Authenticator or Microsoft Authenticator.

4. Go to the Cyber Protection service console sign in page and set your password.

   The service console shows the QR code and the alphanumeric code.

5. Save the QR code and the alphanumeric code in any convenient way (such as, print out the screen, write down the code, or save the screenshot in cloud storage). If you lose the second-factor device, you will be able to reset the two-factor authentication by using these codes.

6. Open the authentication application, and then do one of the following:

   • Scan the QR code

   • Manually enter the alphanumeric code to the application

   The authentication application generates a one-time code. A new code will be generated every 30 seconds.

7. Return to the service console login page and enter the generated code.

   A one-time code is valid for 30 seconds. If you wait longer than 30 seconds, use the next generated code.

When logging in the next time, you can select the checkbox Trust this browser.... If you do this, the one-time code will not be required when you log in by using this browser on this machine.

What if...

...I lost the second-factor device?

If you have a trusted browser, you will be able to log in by using this browser. Nevertheless, when you have a new device, repeat steps 1-3 and 6-7 of the above procedure by using the new device and the saved QR code or alphanumeric code.

If you have not saved the code, ask the administrator or service provider to reset the two-factor authentication for your account, and then repeat steps 1-3 and 6-7 of the above procedure by using the new device.

...I want to change the second-factor device?

When logging in, click the Reset two-factor authentication settings link, confirm the operation by entering the one-time code, and then repeat the above procedure by using the new device.