Enabling two factor authentication (2FA)
Two-factor authentication (2FA) is a more secure method of authentication than a password alone.
A password is something you know (one factor), while 2FA is something you know and something you have. In this case, the password is something you know and your phone is something you have. In fact, you are probably familiar with two-factor authentication already if you use online banking. It’s the little code that you get sent via SMS and need to enter back into the website to authorise some action.
While it’s not too crazy hard to steal a password from an unsuspecting online user in some way, it’s a lot harder to do both: steal their password and get access to their phone.
Why do I need this?
For one, this is a mandatory requirement for all moderators, to keep your data and their accounts secure. As for other users, the more you post and contribute to the forum the more ‘trust’ you earn. Once the trust is high enough, you will automatically have access to private threads that are not visible or accessible by other users. We take your data security pretty freaking seriously, so we suggest you enable two-factor authentication on your forum account, to protect your private data and other users who may be posting a lot more personal data and stories in private threads.
Make sure you are logged in to the forum.
Install Google Authenticator app on your phone.
Rather than sending an SMS, this application generates codes that change over time. A code will be required to log in to the website. You won’t need to do it every time you visit the forum, but you will need to enter a code when you log in from a different device.
We will sync this application to the forum in later steps.
Click on your avatar (profile icon) and then on the settings button.
Click the 2FA edit button, just under the ‘password’ area.
Enter your password and click ‘continue’.
On your phone, start the Google Authenticator app and scan the QR code on the screen (#1).
If you are using your phone to do this – you can click the ‘enter manually’ link instead, but it’s a lot of typing. I would do it from a PC or using two separate phones, to be able to scan the screen.
Your phone will show you a code – enter that code into the code field (#2) and click the ‘enable’ (#2) button.
You are done. You can test this out by logging out and back in. You will be prompted for a code.
Step 8: Backup
Your phone may be broken or unavailable. For that case, you can pre-generate some codes for later use. These are one-use codes, so once you use one, you won’t be able to use it again.
To get backup codes, navigate to your profile settings and click the ‘Enable backup codes’ edit button.
Copy the codes to a text file and save them somewhere. Preferably printed and not on your computer.
You are done with backups.