Two-Factor Authentication

Contents

• 1What can I do here?
• 2How do I set this up?
• 2.1Setup
• 2.2Save session
• 2.3Disable
• 3What is (currently) not possible?

What can I do here?

This guide can be used to enable two-factor authentication. Once two-factor authentication is set up, the user can no longer use the API. Using two-factor authentication makes your account much more secure when you have a password that isn't very strong or if someone guesses it.

How do I set this up?

Setup

• Log into the portal as usual
• Click on 'Personal' in the top right and then on 'Personal settings'
• Under 'Two-factor authentication,' click on 'Enable 2FA'
• Scan the QR code with an app like Google Authenticator, 1Password, or Authy on your mobile phone. (This secret key can also be used in other solutions that support time-based One Time Password generation)
• Enter the code you see on your phone in the Token field.

After setting up your token generator, you can generate backup codes. We recommend storing these codes in a secure place. These codes give you access to your account if you don't have your token generator available.

Save session

While logging in, it's possible to remember the two-factor authentication.

This means that within 24 hours, you only need to perform the two-factor verification once, regardless of how many times you log in within those 24 hours.

This only applies to the device where you selected this option.

Disable

Administrators can also disable two-factor authentication for other colleagues. We recommend only doing this if you are certain that the colleague has actually requested it themselves. Social engineering is a very popular form of fraud, and having two-factor authentication disabled through a phone call or email is a good example of this.

What is (currently) not possible?

• Forcing two-factor authentication for all colleagues
• Remembering a two-factor authentication per device used, so you don't need to do two-factor authentication every time you log in from the same device
• Setting up or changing two-factor authentication for other colleagues
• Deactivating 2FA for accounts that manage multiple customers (partner accounts).