What is Two-Factor Authentication (2FA)?
Two-factor authentication adds an extra layer of security to your BBJT client area by adding a second step to your login. In addition to something you know (i.e. your password), it requires something you have, the second factor, which in this case is an app on your mobile phone or desktop.
Since both are required to log in, an attacker who has your password still can't access your account unless they also possess, for example, your phone.
Why is Two-Factor Authentication necessary?
Passwords are often compromised when mobile devices or computers are infected with malware or stolen, or when insecure networks are used to retrieve passwords by email. They can often be guessed, they usually don't change very often, and despite advice to the contrary, many of us use the same password for multiple things. Two-factor authentication gives you additional security because your password alone no longer allows access to your account.
What Type of 2FA does BBJT support?
Currently, we support the open-source OAuth service, simply because it is free to implement for our customers and is in widespread use. All that is required is an app that supports the creation of OTP (One-Time Password) tokens. This simply means that the app produces a 6-digit number that changes every 30 seconds. This number is entered along with your usual client area login password.
While there are a lot of apps that do this, we have tested and like Authy, which has versions for iPhone and Android devices as well as desktop versions for Mac and PC and a Chrome browser extension.
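How the 6-digit, 30-second codes described above are produced and checked, as an added example that is not BBJT's own code: it assumes the client area uses standard TOTP (RFC 6238 with HMAC-SHA1), and the `verify` helper, its drift window and the sample secret are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds each code is valid for, as described on this page
DIGITS = 6   # code length, as described on this page


def totp(secret_b32, at, digits=DIGITS, step=STEP):
    """Return the RFC 6238 code (HMAC-SHA1) for Unix time `at`."""
    # The QR code hands the app a base32 secret; restore any stripped padding.
    secret = secret_b32.upper().replace(" ", "")
    key = base64.b32decode(secret + "=" * (-len(secret) % 8))
    counter = struct.pack(">Q", int(at) // step)      # 8-byte big-endian step number
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                            # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, at=None, window=1, last_used_step=None):
    """Return the matched step number, or None if the code is rejected.

    window=1 tolerates one step of clock drift on either side;
    last_used_step (an assumption of this example) lets the caller refuse
    a code from a step that was already accepted, which blocks replay.
    """
    now = time.time() if at is None else at
    current = int(now) // STEP
    for step_no in range(current - window, current + window + 1):
        if last_used_step is not None and step_no <= last_used_step:
            continue
        expected = totp(secret_b32, step_no * STEP)
        if hmac.compare_digest(expected.encode(), submitted.encode()):  # constant time
            return step_no
    return None


# Constructed sample secret: base32 of the RFC 6238 test key "12345678901234567890".
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    code = totp(SAMPLE_SECRET, 59)
    print(code, verify(SAMPLE_SECRET, code, at=59))
```

A server that stores the returned step number and passes it back as `last_used_step` on the next login rejects a code that was observed and replayed within its validity window.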
- You'll need to have a 2FA app like Authy installed before you'll be able to complete this process.
- Log in to your BBJT Client Area, hover over your name and then click on Security Settings.
- Under Two-Factor Authentication, click "Click here to Enable", then "Get Started".
You'll now see the first 2FA setup screen. Follow the steps:
1) Scan this code with your Two-Factor Authentication (2FA) App
Open your 2FA app and follow the app's instructions to add a new account. Authy have instructions for adding a new account on different devices.
Once you've scanned the QR Code or entered the displayed text code, the new account should be added in your app and generating One-Time Password (OTP) codes.
2) Enter authentication code
Enter a valid code from your app and click Submit.
- Finally, make a note of the backup code given - you can use this to log in should you not have access to the app to generate an OTP code. Click Close to complete setup of 2FA.
Unable to create a 2FA code or use a backup code
If you're unable to generate a 2FA code (maybe you've changed phones or no longer have access to the 2FA app) and you don't have access to your backup code, you'll need to contact support and supply the required ID, and we will disable 2FA for you.