Two-Factor Authentication

The Two-Factor Authentication (2FA) page in the Profile section of Signotaur enhances account security by enabling you to configure, enable, and manage 2FA using an authenticator app and recovery codes.

The 2FA page allows you to:

  • Link an authenticator app to generate time-based one-time passwords (TOTPs).
  • Enable or disable 2FA for added security.
  • Reset recovery codes or the authenticator key if needed.
  • Require 2FA on the next login by forgetting the current browser session.

The page displays the status of the authenticator app and whether 2FA is enabled. If the number of available recovery codes is low, it also shows that count and prompts you to regenerate them.

Setting Up 2FA

When you first navigate to the Two-Factor Authentication page, a New Authenticator App button is shown.

initial 2FA page

Clicking this directs you to a Configure Authenticator App page. This page displays a QR code and a key that can be entered into a two-factor authenticator app.

configure authentication app page

Download a two-factor authenticator app like Microsoft Authenticator for Android and iOS, or Google Authenticator for Android and iOS.

You can either scan the QR code or manually enter the key into the authenticator app. The key’s spaces and casing do not matter. Once the app is set up, it will generate a unique code.

Verifying the Authenticator App

To verify the authenticator app, enter the code generated by the app into the Verification Code input box and click the Verify Code button. After verification, you are redirected to a page containing a list of recovery codes.
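The sketch below is an added example, not Signotaur's own code. It shows why the key's spaces and casing do not matter and how a verification code can be checked. It assumes the RFC 6238 defaults that common authenticator apps use (HMAC-SHA-1, 30-second steps, 6 digits) and a one-step drift window; the page does not state Signotaur's parameters, and the key is the RFC 6238 test secret, not a real one.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample: the RFC 6238 SHA-1 test secret ("12345678901234567890") in Base32.
SAMPLE_KEY = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def normalize_key(key: str) -> bytes:
    """Decode a Base32 authenticator key, ignoring spaces and letter case."""
    cleaned = "".join(key.split()).upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore any stripped padding
    return base64.b32decode(cleaned)


def totp(key: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP (RFC 4226) over the number of elapsed time steps."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(normalize_key(key), counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(key: str, code: str, unix_time: int, window: int = 1, step: int = 30) -> bool:
    """Accept a code from the current step or `window` steps either side (assumed drift)."""
    submitted = "".join(code.split()).encode()
    ok = False
    for drift in range(-window, window + 1):
        t = unix_time + drift * step
        if t < 0:
            continue
        expected = totp(key, t, step).encode()
        # Constant-time comparison with no early exit, so timing does not reveal a match.
        ok |= hmac.compare_digest(expected, submitted)
    return ok


if __name__ == "__main__":
    typed = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"  # same key as a user might type it
    print(totp(SAMPLE_KEY, 59), totp(typed, 59))
    print(verify(typed, "287 082", 89), verify(typed, "287082", 149))
```

A wider drift window tolerates more clock skew but also lengthens the time an observed code stays usable.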

recovery codes page

Important: These recovery codes should be stored in a safe place. If the device with the authenticator app is lost, the recovery codes are the only way to access the account. The recovery codes page includes a link back to the 2FA page.

Available Actions

buttons when 2FA enabled

The Two-Factor Authentication page has buttons for the following actions:

  1. New Authenticator App

    • Sets up a new authenticator app, as described above.
  2. Reset Recovery Codes

    • Generates a new set of recovery codes. Regenerating is recommended once you have used most of your codes and only a few remain.

    reset recovery codes dialog

  3. Disable 2FA

    • Disables two-factor authentication. After disabling, you will only need your primary credentials (e.g. username and password) to log in. Disabling 2FA does not change the keys used in authenticator apps. To modify the authenticator key, reset it instead.

    disable 2FA dialog

  4. Reset Authenticator Key

    • Resets the authenticator key, unlinking the current authenticator app. A new app must be configured to continue using 2FA. A confirmation dialog will appear before proceeding.

    reset authenticator key dialog

Conditional Actions

buttons when 2FA disabled

Depending on the 2FA status, the following buttons may also appear:

  1. Forget This Browser

    • This button is shown if you have chosen to remember 2FA login on the current browser. Clicking this will remove the browser’s session, requiring 2FA on the next login from this device.
  2. Enable 2FA

    • This button is shown if 2FA is disabled. Clicking it will display a dialog for enabling 2FA. You must enter a verification code from the existing authenticator app before clicking the Enable 2FA button. If the existing authenticator key is no longer valid or has been reset, links are provided to the Reset Authenticator Key dialog and the Configure Authenticator App page.

    enable 2FA dialog