Multi-factor Authentication
Why is multi-factor authentication necessary?
Digital security is critical in today's world because both businesses and users store sensitive information online. Everyone interacts with applications, services, and data that are stored on the internet using online accounts. A breach, or misuse, of this online information could have serious real-world consequences, such as financial theft, business disruption, and loss of privacy.
While passwords protect digital assets, they are simply not enough. Expert cybercriminals actively try to discover passwords, and a single discovered password can potentially give access to every account where you have reused it. Multi-factor authentication acts as an additional layer of security to prevent unauthorized users from accessing these accounts, even when the password has been stolen. Businesses use multi-factor authentication to validate user identities and provide quick and convenient access to authorized users.
Multi-factor Authentication
It is strongly advised that you configure BOTH options. You can select your preferred default option at any time.
Option 1: Verification Code using Authentication App
IMPORTANT
This option is supported by Chrome, Firefox and Edge.
Step 1
Log in to your Joomla account, then from the Home menu select Edit Profile under Login.
Scroll down until you see the section for Multi-factor Authentication.
Here you will see two options for MFA:
- Verification Code
- Web Authentication.
We recommend configuring both so you have a backup method to log in.
Step 2
We will set up the Verification Code first. This method requires an authentication app installed on your phone. There are browser apps that will work; however, you would need to have the browser app to log in to the site on a portable device, so they are NOT recommended.
Microsoft Authenticator
This authentication app from Microsoft is our preferred authentication app.
Step 3
From the MFA options listed under your profile, verify that there are no existing MFA verification codes set up, then click add new verification code.
- Enter a Title for this MFA method. I’ve named it Microsoft Authentication code so it will be easier to identify when I log in.
- You can make this the default method; this can be changed at any time by editing your profile.
- From the Authenticator app, add a new account and select the option to scan a QR code. When the camera appears in the app, scan the QR code on your screen (NOT the example shown above).
- Once the app has scanned the QR code and set up the account, select the new entry in your authenticator to see the one-time six-digit password. Enter the password where shown in the image (left) and click Save.
- You should now see the new Authentication method in your Profile. You can edit and delete this MFA method from here as well.
Step 4
The Verification Code is now configured and enabled for your account.
When you log in you will now be presented with a screen asking for your Verification Code. Enter the code from your phone to complete the login.
Option 2: Web Authorization using your Phone Biometrics
IMPORTANT
This option is supported by Chrome and Edge. Firefox does not support this option.
Step 1
This method uses your phone’s biometrics to log in using your fingerprint.
Return to your profile edit page and scroll down to the MFA section.
Click Add a new auth method
Step 2
On this page, please update the Title to something that will make it easy to identify when needed.
Click Register your Authenticator.
Step 3
You will now be presented with 3 pop-ups.
Click OK
You will see this pop-up with Chrome and Edge; click OK. This MFA method is not supported by Firefox.
Click Cancel
The browser will ask for a USB-based token by default; click Cancel.
Select your Phone
Unlock your phone and you should see the phone connecting. When the site has connected with your phone, you will be asked to complete the process using your fingerprint. Once complete, you will be able to select this login method.
Web Authentication is now configured
Step 5: Login using Web Authentication
When you log in and Web Authentication is your default, you will now see a page asking you to Validate with your Authenticator. If you are using a laptop or PC, open your phone to complete the MFA Authorization by providing your fingerprint. If you are browsing with your phone, you will be asked for your fingerprint once you click Validate with your Authenticator.
Complete login on your phone
Have your phone ready. When you click Validate with your Authenticator, your phone will begin the validation process as shown to the right.
Once connected to your phone, you will be asked for your fingerprint to continue.
What if I can't log in using the app? Backup codes
The site will generate a set of backup codes that can be stored SECURELY and used should the other multi-factor options fail.
These codes are located in your Profile under Multi-factor Authentication. You can access your profile once logged in under Home - Login - Edit Profile.
There are 10 backup codes initially; you can regenerate the codes as required.
To use a backup code, click the link under the Validate button to select a different authentication method, then select Backup code.
Enter one of the codes you have printed. This code will be destroyed once used and cannot be used again.