Two-factor authentication (2FA)

In addition to the password, two-factor authentication (2FA) is supported. The second factor is a time-based one-time password generated with the TOTP algorithm.

Enabling/disabling 2FA

  • For account administrators: open the user profile (your own or another user's) for editing, set "Use 2FA" to "YES" or "NO", and update the profile. The next time the user logs into their account, they will be prompted to set up two-factor authentication. When editing the profile of a regular user, you can set the parameter "Can toggle the use of 2FA" to "No" so that the user cannot change (disable or enable) the use of 2FA for their account.
  • For non-administrators: depending on the settings made by the administrator, 2FA may already be enabled with no option to disable it, or it may be disabled with no option to enable it. View your profile to check: the "Use 2FA" parameter shows whether 2FA is currently enabled. If you have the right to change it, open your profile for editing and set "Use 2FA" to YES or NO.

First login with two-factor authentication

During login, after the password is entered, a user for whom 2FA has not been configured before is shown a QR code, a suggestion to install a multi-factor authentication application on the phone (for example, Google Authenticator), and a field for entering the code.
In the application, add an account by scanning the provided QR code. The application then starts generating one-time codes. Each code is valid for 30 seconds.
On the website, enter the code generated by the application and click "continue".
If the code is entered correctly, the user is logged into the system.

Subsequent logins with two-factor authentication

On subsequent logins, only the field for entering a one-time code is shown: there is no QR code and no option to disable 2FA.
To log in to your account, you must enter the correct one-time code.

In case of difficulties

  • If an incorrect or out-of-date code is entered, you cannot log in, and the text "Otp invalid!" appears next to the code entry field. If the code was entered correctly and is still rejected, synchronize the time on your phone.
  • If you cannot log in and 2FA has not been configured yet, you can press the "Disable 2FA" button; 2FA is then disabled and the user is logged in. This action is available only to administrators and to users with the "Can toggle 2FA" permission.
  • If you cannot log in and 2FA was previously configured, a regular user can contact the account administrator. If the account administrator has difficulties logging in, they can contact another administrator of the same account. The administrator can reset 2FA by going to the user's profile and setting the "Reset 2FA" option to "YES". The next time the user logs in to the account, they will be prompted to set up two-factor authentication. If no other administrator is available to reset 2FA for the account administrator, contact tech support.
  • A user who can still log in with the configured 2FA and needs to move 2FA to a new phone can reset it themselves: open the profile for editing, set the "Reset 2FA" parameter to "YES", and update the profile.
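
Why an out-of-sync phone clock leads to "Otp invalid!", shown as an added example (not this product's code): a TOTP generator and verifier per RFC 6238 using the 30-second step stated above. HMAC-SHA1 with 6 digits, the tolerance of one step either side, and the names totp, verify and clock_offset_steps are assumptions; the secret is the RFC 6238 test key and the server time is constructed.

```python
import hashlib
import hmac
import struct

STEP = 30    # code lifetime in seconds, as stated on this page
DIGITS = 6   # assumption: common authenticator-app default (with HMAC-SHA1)


def totp(secret: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP (RFC 4226) over the number of elapsed time steps."""
    counter = int(unix_time) // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, server_time: int, window: int = 1) -> bool:
    """Accept the current step or `window` steps either side (assumed tolerance)."""
    ok = False
    for k in range(-window, window + 1):
        expected = totp(secret, server_time + k * STEP)
        ok |= hmac.compare_digest(expected, submitted)   # constant-time compare
    return ok


def clock_offset_steps(secret: bytes, submitted: str, server_time: int, search: int = 20):
    """Support diagnostic: steps the generating clock is off by, or None."""
    for k in sorted(range(-search, search + 1), key=abs):
        if hmac.compare_digest(totp(secret, server_time + k * STEP), submitted):
            return k
    return None


if __name__ == "__main__":
    secret = b"12345678901234567890"   # RFC 6238 test key, not a real secret
    server_now = 1234567890            # constructed server time
    for skew in (0, -20, -90):         # phone clock relative to server, seconds
        code = totp(secret, server_now + skew)
        print(skew, code, verify(secret, code, server_now),
              clock_offset_steps(secret, code, server_now))
```

A phone 20 seconds behind still falls inside the assumed tolerance, while one 90 seconds behind is three steps off and is rejected even though the code was typed correctly.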