2FA
Two Factor Authentication (2FA)
It's possible to use 2FA from GUI's version 20.
Be sure you have synchronized time on your GUI's server because 2FA pins(codes) are time limited.
Settings in the GUI
- user with admin permissions can activate 2FA's requirement for concrete user (in GUI->Users & Audit). When this user logs after this setting, then 2fa setup is required.
- admin user can delete actual 2FA secret from user's account (in GUI->Users & Audit)
- user can change/setup its 2FA secret in the section GUI->User settings->Change user auth. This option joins the password and the 2FA setting.
- follow the setup dialog
Setting of the 2FA code generator
you can use various 2FA applications:
- Google Authenticator for Android https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2
- Google Authenticator for IOS https://itunes.apple.com/cz/app/google-authenticator/id388497605?mt=8
- Google Authenticator as plugin for Chrome Browser https://chrome.google.com/webstore/detail/google-authenticator/njkhnbmlaefgkjpaghgphiceaocdblgl
- Authenticator plugin for Firefox https://addons.mozilla.org/en-US/firefox/addon/auth-helper/?src=search
Import account setting from QR code into yours application and start to use it.
Problem solving
- manual disabling of 2FA authentication for concrete user can be done directly in the database
update users set secret = null, req_2fa = 0 where username = 'USER';