How do I enable two-factor authentication (2FA) for my team?

Two-factor authentication (2FA) provides an added layer of security for your WriteUpp account. This is a site-wide setting, so before you enable it, it's important to understand:

  • What it is
  • How it works
  • What the implications of enabling 2FA are

PLEASE DON'T ACTIVATE 2FA ON YOUR ACCOUNT UNTIL YOU HAVE READ THIS DOCUMENT IN ITS ENTIRETY.

What is Two-factor Authentication (2FA)?

As the name suggests, 2FA uses two mechanisms (instead of one) to verify your identity when you log in to WriteUpp. In our case these two mechanisms are:

  • Username/password - like normal
  • Your mobile phone 

All this means in reality is that the login process has one extra step after you have entered your username and password. This step involves entering a Time-based One-Time Password (TOTP), which is a six digit code generated by the Google Authenticator app on your mobile phone.

In case you're wondering, time-based means the code changes every 30 seconds.

The thinking behind this is that if your username/password is compromised anyone trying to maliciously access your account would also require your mobile phone to generate your unique six digit code to gain access to your account.

How does 2FA work in WriteUpp?

PLEASE DON'T ACTIVATE 2FA YET. BE SURE TO CHECK OUT THE IMPLICATIONS (AT THE END OF THIS DOCUMENT) BEFORE PROCEEDING.

Enabling 2FA (Site Admin Only)

If you wish to enforce 2FA for all users on your site you first need to activate it. This is a one-time process and you do this by following these steps:

  • Log in to WriteUpp as normal
  • Go to Settings->Users
  • Click on the blue "CONFIGURE TWO-FACTOR AUTHENTICATION" button
  • At this point we perform a check to see if you have any text credits, which are required if you wish to enable 2FA:
    • If you don't have any text/SMS credits you will be prompted to purchase them. We use SMS to verify a user's identity and as an alternate way of sending the six digit code if the user is unable to use the Authenticator app.
    • If you already have text/SMS credits you will be taken to the screen shown below (without the voided barcode):

      [Screenshot: two-factor authentication configuration screen]

      [Video: Steps 1-4 (above) in action]

  • Once you have completed the steps above and clicked on "Activate" you will be asked to verify your mobile phone number (so that we can send your 2FA code via SMS if you are unable to access Google Authenticator).
  • When you confirm your number we will send you a 4-digit code by text/SMS that you need to enter on-screen.
  • Once you have entered the correct code and it has been validated, 2FA will be active on your site and from this point forwards all users will need to use 2FA to log in.

First Time Set Up Of 2FA For Users

NOTE: This is mandatory if you activate 2FA. Your users will not be able to log in to WriteUpp until they have completed the set up process.

Once you have enabled 2FA, ALL of your users will be taken to the following screen when they next log in, where they should follow the on-screen instructions:

[Screenshot: first-time 2FA set up screen]


The steps are summarised below:

  1. Download and install Google Authenticator (available for iPhone and Android)
  2. Open Google Authenticator on your mobile phone, click on "+" to add WriteUpp
  3. Scan the barcode on screen (in WriteUpp)
  4. Enter the six digit code in the field on screen and click on "Activate"
  5. Check mobile number and click "Confirm"
  6. Enter the four digit security code sent via text/SMS to your mobile
  7. When your code has been validated 2FA is set up

To be clear, this is the 2FA set up process for your users. Unless they lose/change their mobile phone this is a one-time process.

Logging In Once 2FA Has Been Turned On

Once 2FA has been activated (by Site Admin) and set up by your users it is very straightforward to use on a day to day basis, as below:

  1. Enter your username and password in WriteUpp as normal
  2. Open the Authenticator app on your mobile phone
  3. Enter the six digit code and click on "Verify"
  4. That's it!

If your users don’t want to enter a 2FA code every time they log in to WriteUpp, they can mark their computer or device as "trusted" and they will only need to re-authenticate (via 2FA) every 30 days, or sooner if they clear their browser cache.

IMPORTANT: Your users should only check "Trust this device" on computers that they/you own or have exclusive control of.

To find out more about Trusting devices take a look at the article below:

What does "Trust this device" mean?

What are the implications of turning on 2FA?

The peace of mind offered by 2FA is irrefutable but before you go ahead and activate 2FA on your account please read the implications below very carefully:

  • your users will always need their mobile device with them to log in to WriteUpp unless they checked "Trust this device" when they previously authenticated. If so, they will not need to enter a new code for 30 days, or sooner if they clear their browser cache.

  • your users will be unable to log in to WriteUpp if they lose their mobile phone and have not checked "Trust this device" when they previously authenticated.

  • you must be confident that your users will be capable of performing the one-time set up of 2FA that will be required after you have activated 2FA. Please also keep in mind that they MUST do this on a desktop/laptop device.

  • you must be confident that your users will be comfortable logging in to WriteUpp with the additional step that is required by 2FA.

  • your users will need their own mobile phone which is capable of installing the authentication app described in this article.

  • you will need to purchase text credits so that we can verify the identity of your users (via their mobile phone) and send their 2FA code via SMS in the event that they are unable to access the authenticator app.

  • your users will not be able to use the WriteUpp mobile app unless they are running the latest version of the app.

  • in WriteUpp, 2FA is "all or nothing". By this we mean that it is a site-wide security setting which is not turned on by default but if you do activate it you will be doing so for all users. There is no option to apply it on a user by user basis.

  • turning on 2FA may result in an increase of instances where your users have issues logging in to WriteUpp. This isn't a consequence of any technological deficiencies in 2FA or WriteUpp. It typically happens because users fail to follow the correct process when logging in with 2FA. To minimise these issues you should ensure that all your users have read the following articles:

    How do I set up user-based two-factor authentication (2FA)?

    How do I login once I have set up 2FA? 

  • you may experience adverse feedback from your users who feel that the requirement to a) have their mobile with them whenever they login to WriteUpp b) enter a unique code as well as their username/password is unnecessarily onerous.

  • because of the nature of 2FA we cannot provide assistance with 2FA login issues. The technology that we are using to implement 2FA in WriteUpp is used industry-wide and in 99.999% of cases will not be the cause of any login problems that you or your users might experience. In nearly all situations the problem will be user error and these will need to be handled internally by your own admin team. To be clear any 2FA issues will be redirected to the Site Admin by our Help Desk.

 

Need More Help?

We understand that not everything is black and white, so if you need some help, click "Submit A Request" and one of our team will help you out as soon as possible.
