Two-step verification

Introduction

2-step verification is a simple and more secure way to protect your accounts. It combines a password (something that you know) with a second factor (something that you own), so it is less vulnerable to attacks.

The most common verification techniques are:

  • Text messages with PIN code on your mobile phone
  • Authenticator app generates an authentication code
  • Yubikey (a hardware device similar to USB)

Exponea currently offers 2-step verification with the Authenticator app and Text message. We plan to support Yubikey soon.

Configuration

To enable 2-step verification for your Exponea accounts, go to User Settings -> Security.

Configuration window

Configuration window

Once the 2-step verification is enabled, you will be asked to verify yourself with the chosen method every time you log in.

Login page - 2-step verification

Login page - 2-step verification

Authenticator app

Install an authenticator app on your mobile device. You can use any authenticator mobile app, but we recommend to install Google authenticator:

Open authenticator and scan the QR code to obtain a 6 digit code which you need to input in Exponea. Click "confirm".

Configuration of Authenticator APP

Configuration of Authenticator APP

Backup codes

Backup codes are useful if you don't have access to your mobile or Yubikey. When you enable this option, you will obtain 10 codes which you can use to log in. You can use every code only once.

Note that backup codes are not part of 2-step verification. Use backup codes only as a recovery option if you lose access to your devices.

Text message

In User settings -> Security enable the "Text message" option. When you enable this option you need to enter your phone number and click Get code. Once you receive the code type it into the text area below. Click confirm.

You can add more phone numbers for this verification method. Just click show when text message verification is enabled.