Two-Factor Authentication :: IXXO Documentation

> Two-Factor Authentication

Two-Factor authentication offers additional security against password theft and especially brute-force attacks against accounts secured by password only.

Two-Factor authentication can be enabled to additionally secure administrator, vendor and user accounts.

The two-factor authentication settings section:

You can enable two-factor authentication separately for administrators, vendors or users.

You can also specify a text field for the generated QR Code for the two-factor authentication.

To enable two-factor authentication for administrators, vendors or users, select the desired option and press the “Save Changes” button.

After the two-factor authentication was enabled, you can find and additional section at the administrator, vendor or user profile to activate two-factor authentication for a specific account.

Every administrator, vendor or user needs to activate two-factor authentication separately for their account; since they will need to add the generated codes to their two-factor applications on their mobile phones, tablets, etc..

When activated, administrators, vendors and users will be prompted to enter the code generated from their two-factor authentication applications on every login.

The two-factor authentication section at the admin profile page:

You can import the shared secret into your two-factor authentication application by either scanning the generated QR code or by entering the shared secret code text manually.

Press the “Reset Authentication” button to reset the current two-factor authentication setup for an account.

Press the “Verify Authentication” button to verify, if the imported shared secret generates the expected code in your application.

The two-factor authentication verify section:

After pressing the “Verify Authentication” button, a administrator, vendor or user can verify,if the imported shared secret works correctly in their application.

Press the “Review Shared Secret” button to review the current shared secret.

Press the “Enable Authentication” button to enable two-factor authentication with the current shared secret.

The enable two-factor authentication section

After the two-factor authentication for an account was activated, you will presented with a screen with the shared secret and a checkbox that shows if two-factor authentication was enabled or not.

This section will also show a recovery code after the initial activation. This recovery code can be used instead of the code generated by the two-factor authentication application in an emergency case.

Please note: The recovery code should be written down and stored at a safe location. It can be used, if the account is not accessible for some reason (e.g.: a lost or broken phone where the application was installed, etc.). The administrator, vendor or user can use it instead of the generated code to login and then either re-enable two-factor authentication or deactivate it