Two Factor Authentication

Adding security to your site beyond the usual login layer can be an important factor for many users, whether it applies to everyone or only to the admin areas of your site.

Two factor authentication adds an extra layer of security to your site by requiring another form of login, such as security questions or even text message authentication.

Overview

All two factor authentication settings can be found in the following location in your ACP:

System -> Settings -> Two Factor Authentication

There are 3 different methods of two factor authentication, each of which is discussed below. Once a user has set up one of these, they will be prompted for that secondary item after they have logged in.

[Screenshot: 2 Factor on login]

The user can set up these items from their security settings in Account Settings -> Security settings. Here you can see I already have security questions set up. I can amend these using the option provided, or activate another if one is available.

[Screenshot: Account Settings Area]

When you set up one of these, the system will ask for any details it requires for that option. Here the system is asking us for 3 security questions.

[Screenshot: Question Setup]

Authentication Types

In the default setup of the platform, there are 3 authentication types which you can allow (or even force) people to use on your site. These can all be seen in the following location of your ACP, and each can be enabled by selecting the icon beside the relevant entry:

System -> Settings -> Two Factor Authentication

[Screenshot: Click to Enable/Disable]

Authy

The Authy method of authentication allows users to authenticate via text message, phone call, or the Authy app, which can be downloaded to the user's phone. In order to set up Authy, you need to get an API key from the Authy site:

https://dashboard.authy.com/signin

Once you have this, add the API key in the location provided, and choose which options you wish to use.

[Screenshot: Authy Settings]

Google Authenticator

Google Authenticator allows people to authenticate on the site using the Google Authenticator application on mobile (downloadable from the app store/play store). The only setting for this is which groups can use it. Other than this, it simply needs switching on. No other configuration is needed.

When the user initially sets this up, they will be given a barcode to scan with the authenticator application. This will, in turn, give a code to be entered into the site. Each time the user then logs in to the site, they will be asked for the code shown in their application, which changes every few seconds and is unique to that individual account.

[Screenshot: Google Authentication Setup]
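How the barcode and the rotating code relate, shown as an added example that is not the platform's own code: the barcode carries a shared secret, and both sides derive the current code from that secret and the clock. It assumes the RFC 6238 defaults that Google Authenticator uses (SHA-1, 6 digits, 30-second step); the function names are hypothetical and the secret is the published RFC test key, not a real account secret.

```python
import base64, hashlib, hmac, struct
from urllib.parse import quote, urlencode

STEP = 30    # seconds each code is valid for (RFC 6238 default)
DIGITS = 6
# Constructed sample: the RFC 4226/6238 test key "12345678901234567890" in base32.
DEMO_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def provisioning_uri(secret_b32, account, issuer):
    """Text encoded in the setup barcode: an otpauth:// URI holding the shared secret."""
    label = quote(f"{issuer}:{account}")
    query = urlencode({"secret": secret_b32, "issuer": issuer, "algorithm": "SHA1",
                       "digits": DIGITS, "period": STEP}, quote_via=quote)
    return f"otpauth://totp/{label}?{query}"

def totp(secret_b32, at, step=STEP, digits=DIGITS):
    """RFC 6238 code for Unix time `at`: HOTP (RFC 4226) over the time-step counter."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret_b32, submitted, at, last_counter=-1, window=1):
    """Return the time-step counter the code matched, or None.

    Tolerates +/- `window` steps of clock drift and refuses any step that is
    not newer than `last_counter`, so an observed code cannot be replayed.
    """
    current = int(at) // STEP
    matched = None
    for counter in range(current - window, current + window + 1):
        expected = totp(secret_b32, counter * STEP)
        same = hmac.compare_digest(expected.encode(), submitted.encode())
        if same and counter > last_counter:
            matched = counter
    return matched

if __name__ == "__main__":
    print(provisioning_uri(DEMO_SECRET, "alice", "Example Site"))
    print(totp(DEMO_SECRET, 59))
```

Because the secret in the barcode is all that is needed to generate valid codes, the setup screen and any screenshot of it should be treated like a password.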

Security Questions

Enabling security questions allows the user to answer any of the questions you have set up, from their settings, and then be prompted to provide that same answer to a random one of those questions on login. On the settings page, you can set whether or not you wish for this to be mandatory, along with how many questions you want them to set up.

On the questions tab, you will find some pre-populated questions which are set up within the stock installation for your use. You can delete, edit, or add to these questions from this page.

[Screenshot: Question Creation]

Settings

On the main settings page for Two Factor Authentication, you will find many different options relating to how this will work on your site. This includes the ability to choose groups for which setting up two factor authentication is mandatory, which can often be an important security consideration where groups have more access. For example, you may wish for the administrators group to have to set up two factor authentication.

In addition, here you can set what prompts two factor authentication. For example, you may want people to use it only when logging into the ACP and when changing passwords.

Edited by Marc Stridgen
