Two-factor authentication (or 2FA) adds an extra layer of protection to your website and is a reliable and effective system for blocking unauthorised access. With 2FA enabled, the likelihood of unauthorised individuals gaining access to your website is significantly reduced, which is particularly crucial for protecting you and your customers' data.
There are two methods for using 2FA that we’ve integrated with – An Authenticator App and having a code sent via email.
Using An Authenticator App
This is set up on a per user basis. It would then be the decision of your organisation whether it is rolled out to all of your community on your website.
The first step for 2FA is usually a password (the same way as you log in now) and the second step is a code which can be accessed via an Authenticator App such as Google Authenticator. You may already be used to using something like this for your bank account (often referred to as an OTP/one-time passcode).
To enable 2FA first log in as an Administrator, then head to “My Account” from your main navigation and then select the “Two-Factor Authentication” tab.
Follow the instructions on the page to set up an authenticator app, if you have a smartphone, as this will be necessary to receive passcodes. With an authenticator app, you can get security codes even if your phone is not connected to a network, allowing you access to your website at any time.
Scan the QR code, click on the link shown and the passcode will appear in the authenticator app. Once you have entered the passcode you will see confirmation that two-factor authentication has been enabled on your account and a recovery code will be provided.
You will need to print or write down the recovery code. This will be essential if your smartphone with the authenticator app is ever lost, broken or changed. There is also a contact number for our support team if you lose, or do not have access to, the recovery code.
The next time you log in you will be asked to enter the 6-digit code shown in your authenticator app. Enter the code as displayed either click enter or on the ‘Validate Code’ button.
A checkbox is also displayed which you can check, and you will then not be asked to enter a code for the next 14 days.
If you cannot access your device or the authenticator app then you can use the recovery code option.
Using Email
If you do not have a smart phone or authenticator app, you can choose to have the security code sent to you via email by clicking on the “Email” tab in the “Two-Factor Authentication” page as above. Please note this is the least secure but easiest method of 2FA to use. It is the least secure method because if your email is hacked, any hacker would have access to the security code for your website.
Click on the “Enable Two-Factor Authentication” button and a confirmation will appear that this has been immediately set up. The next time you log-in you will be asked to enter the 6-digit security code which will have been sent to your email. Enter the code as displayed and either click enter or on the ‘Validate Code’ button.
A checkbox is also displayed which you can check, and you will then not be asked to enter a code for the next 14 days.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article