What is Two-Factor Authentication
Two-factor authentication, or 2FA, is a way of logging into a web application (such as CERVIS) that requires you to provide both something you know (such as a password) and something you have (such as a security token or authentication code). Using a password alone to log into an application is susceptible to security threats, because the password is the only piece of information a malicious person needs to acquire to get into your account. 2FA adds security by requiring two separate authentication factors to sign in to your account.
In CERVIS' case, this additional information is an authentication code that's generated by an application on your smartphone. After 2FA is enabled for an account, CERVIS requires an additional time-based authentication code any time someone attempts to sign into your CERVIS account. The only way someone can sign into your account is if they both know your password and have access to the authentication code on your phone.
Why is Two-Factor Authentication Important
It's easier than you think for someone to steal your password
Any of these common actions could put you at risk of having your password stolen:
- Using the same password on more than one site
- Downloading software from the Internet
- Clicking on links in email messages
2FA can help keep bad guys out, even if they have your password.
Setting up your smartphone for Two-Factor Authentication
CERVIS uses an industry-standard best-practice technology called "Time-based One-Time Password" (or TOTP) to implement our 2FA functionality. As such, before you can protect your CERVIS account with 2FA, you will need to download and install a TOTP-compatible code generation app on your smartphone. If you don't already have a TOTP-compatible app installed, we recommend an app called 'Google Authenticator'. Google Authenticator is compatible with both Android and iOS devices (just search your app store for 'Google Authenticator') and is very easy to use.
Configuring a CERVIS Profile to use Two-Factor Authentication
Only CERVIS users with the "Administrator" access level can configure 2FA on an account. To configure 2FA, follow these steps:
1. Go to the desired profile and select to update the profile.
2. Scroll down to the "Two-factor Authentication" field and click on the "Enable Two-factor Authentication (Auto Key)" icon as seen in the screenshot below:
3. Once you have clicked on the "Enable Two-factor Authentication (Auto Key)" icon, CERVIS will display a popup window with a randomly generated secret key and a QR code that will be used in the next few steps of this tutorial, to scan the secret key into your TOTP Authenticator App on your smartphone.
4. To begin configuring the TOTP Authenticator App on your phone to work with your CERVIS account, leave the popup window from the previous step open on your computer, pick up your smartphone and open the TOTP Authenticator app. Once the TOTP Authenticator app is open on your phone, click on the "Add Account" button on the screen, as displayed in the screenshot below:
5. Select the option to add a new account by using the "Scan a barcode" option as displayed in the screenshot below:
6. Use the TOTP Authenticator App on your phone to scan the QR code presented in step 3 above (Note: DO NOT scan the code displayed in this tutorial, but the one being displayed on your CERVIS screen).
7. Once the code has been scanned into the TOTP Authenticator app on your smartphone, it will display a six-digit code that changes every minute. Enter the code from the TOTP Authenticator app on your phone into the "Authenticator Code" field being displayed on-screen in CERVIS as displayed in the screenshot below:
8. The system will validate that you have configured the TOTP Authenticator app on your smartphone to work correctly and display a message indicating success or failure.
You have now successfully configured 2FA for your CERVIS Account and will be prompted for the authenticator code the next time you sign in to the system.
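The enrollment and validation in steps 3 to 8, sketched as an added example (not CERVIS code): the QR code carries the secret key in an otpauth:// URI, and the app and the server each derive the six-digit code from that secret and the current time. The 30-second step, SHA-1, the one-step drift window, the account name and the sample secret are assumptions taken from RFC 6238 defaults or constructed for illustration, not confirmed CERVIS settings.

```python
import base64, hashlib, hmac, struct, time
from urllib.parse import quote

def hotp(key, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret_b32, at, step=30, digits=6):
    """RFC 6238 TOTP: HOTP with counter = Unix time // step (step is assumed)."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    return hotp(base64.b32decode(padded), int(at) // step, digits)

def verify(secret_b32, code, at, step=30, window=1):
    """Server side: accept the current step or `window` steps either side (clock drift)."""
    ok = False
    for drift in range(-window, window + 1):
        candidate = totp(secret_b32, at + drift * step, step)
        # Constant-time compare, no early exit, so timing does not leak a match.
        ok |= hmac.compare_digest(candidate.encode(), code.encode())
    return ok

def provisioning_uri(secret_b32, account, issuer):
    """Key URI that authenticator apps read from the enrollment QR code."""
    label = quote(f"{issuer}:{account}")
    return f"otpauth://totp/{label}?secret={secret_b32}&issuer={quote(issuer)}"

# Constructed sample secret (the RFC 6238 test key), never a real account secret.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    now = time.time()
    print(provisioning_uri(SAMPLE_SECRET, "admin@example.org", "CERVIS"))
    code = totp(SAMPLE_SECRET, now)
    print(code, verify(SAMPLE_SECRET, code, now))
```

Because anyone holding the secret key can generate valid codes, the popup from step 3 should be treated like a password and closed once enrollment succeeds.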
Using your 2FA Authenticator Code to sign in to your CERVIS Account
When you are signing in to CERVIS, you will use your normal email address and password. After your email and password have been validated, you'll be prompted to enter your authentication code. Open the Authenticator app on your smartphone and enter the six-digit code as displayed below:
If you are using a trusted device that you use frequently, and you do not wish to provide a 2FA code every time you sign in, you may select the "I sign in frequently on this device. Don't ask me again for a code for 30 days" option.
Removing Two-factor Authentication from your CERVIS Account
If you wish to remove 2FA from an account in CERVIS where it has been previously enabled, you can do so by clicking on the 'Disable Two-factor Authentication' icon as displayed in the following screenshot: