Hypolite Petovan
8e885f5b97
- Add settings aside menu entry - Add two-factor authentication documentation
60 lines
3.1 KiB
Markdown
60 lines
3.1 KiB
Markdown
# Configuring two-factor authentication
|
|
|
|
* [Home](help)
|
|
|
|
You can configure two-factor authentication using a mobile app.
|
|
A time-based one-time password (TOTP) application automatically generates an authentication code that changes after a certain period of time.
|
|
|
|
**Tip**: To configure authentication via TOTP on multiple devices, during setup, scan the QR code using each device at the same time.
|
|
If 2FA is already enabled and you want to add another device, you must re-configure 2FA from your security settings.
|
|
|
|
## Enabling two-factor authentication
|
|
|
|
### 1. Download an authenticator app
|
|
|
|
Any authenticator app should work with Friendica.
|
|
Notheless, we recommend:
|
|
|
|
- For iOS, [Matt Rubin's MIT-licensed Authenticator app](https://mattrubin.me/authenticator).
|
|
- For Android, [andOTP](https://github.com/andOTP/andOTP).
|
|
|
|
### 2. Record your one-use recovery codes
|
|
|
|
From your [two-factor authentication user settings](/settings/2fa), enter your password and click on "Enable two-factor authentication".
|
|
|
|
You will be presented with a list of one-use recovery codes.
|
|
Please save those in the same place you are saving your Friendica password (ideally, in a password manager like [KeePass](https://keepass.info)).
|
|
|
|
When you're done, click on "Next".
|
|
|
|
### 3. Setup your authenticator app
|
|
|
|
You have three methods to setup your authenticator app:
|
|
|
|
1. Scan the QR Code with your device camera.
|
|
This will automatically configure your account on the app.
|
|
2. Click/tap on the provided **totp://** URl.
|
|
Ideally your authenticator app should be called with this URL and set up your account.
|
|
3. Enter your account settings manually.
|
|
Friendica is using default settings for token type, code digit count and hashing algorithm but you may be required to enter them in your app.
|
|
|
|
**Tip**: If you have multiple devices, configure them all at this point.
|
|
|
|
Then verify your app is correctly configured by submitting a code provided by your app.
|
|
This will conclude two-factor authentication configuration.
|
|
|
|
**Note:** If you leave this screen at any point without having submitted a verification code, two-factor authentication won't be enabled on your account.
|
|
To complete the configuration, just come back to your [two-factor authentication user settings](/settings/2fa) and click on "Finish configuration" after entering your current password.
|
|
|
|
## Disabling two-factor authentication
|
|
|
|
You can disable two-factor authentication at any time by going to your [two-factor authentication user settings](/settings/2fa) and click on "Disable two-factor authentication" after entering your current password.
|
|
|
|
You should remove your Friendica account from your authenticator app as it won't work again even if you reenable two-factor authentication.
|
|
In this case you will have to configure your authenticator app again using the process above.
|
|
|
|
## Managing your one-time recovery codes
|
|
|
|
When two-factor authentication is enabled, you can show your recovery codes, including the ones you've already used.
|
|
|
|
You can freely regenerate a new set of fresh recovery codes, just be sure to replace the previous ones where you saved them as they won't be active anymore.
|