Two-factor Authentication (2FA)
Two-factor authentication (2FA) is an extra level of login security. 2FA is a security process in which the user provides two different authentication factors to verify themselves to better protect both the user's credentials and the data on an Upshot account.
Two-factor authentication (2FA) is a process that combines normal username and password authentication with a single-use token (OTP - one-time password), typically generated by a physical device or a smartphone app. This combination of “something you know” with “something you have” increases confidence that the user is authentic and is becoming more and more widely adopted, especially for applications that contain sensitive data.
Activating 2FA
To activate 2FA click on your name in the top corner of the screen:
And then on the right-hand side click
Activate two-factor authentication.
Throughout many steps of activating (or changing) anything regarding 2FA you will be asked to verify your account details by entering a password. This is a security measure.
When activating two-factor authentication, you will be required to confirm your password.
Downloading an authentication App
In order to use 2FA, you will require a smart phone to download an authentication app. This will give you a time-based one-time password that is the additional security level needed to access your Upshot account once 2FA has been fully set up.
Once you have downloaded the app, tick the box to confirm and proceed by clicking
next.
Recovery Codes
Once you have downloaded the App, and moved on to the following screen, you will be given 10 single-use recovery codes. These will allow you to access your Upshot account in case you do not have access to your authentication app.
Take note of these codes, print them out, or save them on your computer.
Once you have logged these, click to confirm and move on to your
next page.
Verifying your device
On your smartphone, open the authenticator app you downloaded, and scan the QR code on your screen using the camera.
You will then be presented with a six-digit code on your phone.
You have now registered your device (the computer you are using). You can choose to save this device for 30 days. This will mean you do not need to enter a 2FA code each time you login from this machine for the next 30 days.
All System Admins will be able to see that you have set up 2FA from Admin > Show all users. A 2FA logo will have appeared next to your name.
Logging in
Now 2FA is set up, next time you login (If you did not trust the device for 30 days!) you will need to enter your password as usual. You will then be asked to verify your account.
Open your authenticator app and enter the
six-digit code into the authentication code box. Some authenticator apps include a space when viewing the authentication code. If you are finding that your authentication code is not being accepted, please try entering the code without a space.
If you do not have access to your app, you can enter one of the two-factor recovery codes you saved previously, by clicking on
Enter a two-factor recovery code highlighted above. Once you have used one of the codes, you cannot re-use it. Alternatively if you cannot login, you can contact one of your system admins (or Upshot Support) who will be able to work with you to generate a new one-time code to gain access to Upshot.
Removing 2FA/ Adding a new device / Viewing Recovery codes
Once 2FA is set up, you can remove this, add an additional device, or re-view your recovery codes just by clicking your name in the top corner.
To remove 2FA, just remove the device and then confirm your password.
To add another device (you can have a maximum of two different phones registered) you can do this from here and follow the same steps as above.
To re-visit your recovery codes just click
View recovery codes.
Key Terms
Two-factor authentication (2FA):
Two-factor authentication (2FA) is a process that combines normal username and password authentication with a single-use token (OTP - one-time password), typically generated by a physical device or a smartphone app. This combination of “something you know” with “something you have” increases confidence that the user is authentic and is becoming more and more widely adopted, especially for applications that contain sensitive data.