2FA

From Resonite Wiki
Revision as of 20:08, 20 November 2023 by Zandario (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Two Factor Authentication(2FA), is a feature within Resonite designed to increase the security of your account. It uses an industry standard system called TOTP (time-based one-time password).

Actions that support 2FA

Required

Optional

When 2FA is setup, you can optionally enable 2FA for certain actions.

  • Logging in - To set this up, send /enableLogin2FA to the Resonite Bot.

If 2FA is not setup on your account then you will still be able to perform these actions.

Setting up 2FA

2FA Applications

To get started with 2FA the first thing you'll need is to setup a 2FA application. We recommend setting this up on your phone or at least a secondary device. This is because one of the principles of 2FA is using a "second device" for 2FA. This further increases the security gains of using 2FA as it becomes more difficult for an attacker to gain access to both your computer and your second device.

Any application that supports TOTP(time-based one-time password) should work with Resonite's 2FA. To assist here's a list of some common applications that support TOTP/2FA, please always do your own research:

  • Mobile Applications
    • Authy - Supports Android, iOS and Desktop(This does require a mobile phone number for login)
    • Google Authenticator - Supports Android
  • Desktop Applications

Once you have one of these applications installed you're ready to proceed.

In Resonite Setup

Start by making sure you're logged in to your Resonite account as normal and that you've got your 2FA application nearby and ready.

On the right hand side of the Home Screen of the dash you should see a "Setup 2FA" button:

Clicking the Setup 2FA button will open the "Setup 2FA" dialog, it is comprised of a number of steps and the first step looks like this:

Codes in this screenshot were voided after writing.

This step, contains your secret code in two forms:

  1. A QR Code
  2. A Text Based Code

You need to take this code and enter it into your application of choice. We recommend the QR Code approach. Doing this is different depending on the application that you can use but usually involves pressing a "+" or "Add" button. You can view the help documentation for your application of choice if you're not sure.

Once added, the application will start showing a 2FA 6-digit code. This code will change every 30 seconds.

Once this is done click "Continue" on the dialog.

The next page will look like this:

Codes in this screenshot were voided after writing.

It contains your 10 backup codes. Backup codes are codes which can be used in case you have lost your 2FA device or application. You MUST keep these codes safe and secure somewhere. Use the "copy to clipboard" button to copy the codes to your clipboard. You can then save them to a Notepad document and then store this document safely. We recommend you store these backup codes away from/off of your primary computer. A flash drive or backup drive is a good choice.

SAVE YOUR BACKUP CODES!!!!!: IF YOU LOSE YOUR 2FA DEVICE/APPLICATION AND YOUR BACKUP CODES. THEN YOU MAY PERMANANTLY BE LOCKED OUT OF YOUR ACCOUNT

Once you have saved these codes, click "Continue" on the dialog.

This next step is designed for you to prove to Resonite that you've got everything setup correctly. You need to enter a 2FA 6-Digit code from your 2FA Application/Device. Once entered hit continue, it will validate the code you entered and if everything works out you'll see this next screen.

File:2fa-step4.png

Once that's done you're ready to go. 2FA is setup. From now on when you carry out certain actions you'll be required to enter the code from your 2FA application/device. Remember this code changes every 30 seconds.

Using a backup code

If you've lost your 2FA device or application and you have a backup code you can use this in place of any 2FA code. You can only use each code once, we recommend deleting or crossing out used backup codes to avoid confusion.

Do be careful, once all 10 are used, they're gone. If you only have backup codes, then we recommend deactivating 2FA using them and then re-activating it using a new application/device.

Deactivating 2FA

To deactivate 2FA, simply press the "Setup 2FA" button again and then enter a 2FA code or a backup code.

FAQ

Why should I use 2FA?

2FA protects certain actions in Resonite requiring you to enter an additional code from your smartphone or other device into Resonite before an action is executed. In the event that a hacker or malicious party has gained access to your account's password or computer, it is unlikely that they also have access to your second device.

As a result, it makes your account more secure by verifying your identity in multiple ways.

What about alternatives to TOTP?

We're always investigating ways to make Resonite more secure. If you want support for something like a Yubikey/FIDO Key, Email codes, Magic links, Web3 Authentication etc. then please check out GitHub. There are issues for many items so please search before creating one.

How do emergencies/disaster recovery work?

In an emergency, you can use your Backup codes to deactivate 2FA. Make sure these are stored in a safe space so you can access them should you need them.

Do you have a visual guide for this?

ProbablePrime has recorded a video tutorial for you.