Two-Step Verification

Revision as of 10:38, 21 March 2015 by TCAWiki (talk | contribs) (→‎Configuration)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Configuration

  • Install Google Authenticator on your smartphone. You may use other OTP software or hardware.
  • Log in to TCAdmin.
  • Select "Account Security" from the menu options.
  • Select the "Two-Step Verification" tab.
  • Check "Enable two-step verification"
  • If you want to enable two-step for FTP access check "Enable two-step verification for FTP connections". If you enable this option configure your FTP client to send the password in the following format: YourPassword#GeneratedToken
  • Type the verification key in Google Authenticator or other software/hardware. If your software has scanning capabilities you can scan the QR-code.
  • Generate a token and type it in the "Generated Token" field.
  • Click on Save.

Common Errors

All generated tokens are expired

The token is generated based on the current time and is valid for 30 seconds. This required that both the client and server have the correct time.

Use NTP to synchronize your date and time on the server:

On smartphones the easiest way to have the time synchronized is to set it to automatic.

User lost his verification key

You can disable two-step verification by selecting the user, select the "Actions" tab and click on "Disable two-step". If the action is not visible it means the user doesn't have two-step authentication enabled.

Admin lost his verification key

Start the monitor in console mode. Execute this command in the console: 

disable-two-step Admin
Retrieved from "https://help.tcadmin.com/index.php?title=Two-Step_Verification&oldid=1269"