Multi-Factor Authentication (MFA) provides an extra level of protection on your account beyond your username and password. To get started, be sure you have a smart device with a compatible authenticator app downloaded and installed.
There are a number of authentication applications that will accomplish the same thing, so if you already use an authentication app, please consult the instructions for the configuration (must be Google Authenticator compatible). If you do not already have an MFA application, we recommend downloading Google Authenticator, which is currently available for Android and iOS/iPhone.
Configuring an MFA Token for your Account
To enable MFA, go to your user profile (i.e. click on your name in the upper right corner), and click Enable next to the MFA Security section of the overview page:
The system will will reveal a unique QR Code and secret code. Using your smartphone MFA application (e.g. Google Authenticator), add a new entry for your Trackops account. You can accomplish this by taking a photo of the QR Code (if your MFA application provides this feature), or by manually entering the secret code displayed beneath the image.
Once you're sure the new account has been setup properly inside your MFA application, enter active 6-digit code provided by your application into the Verify MFA Code box located below the QR Code. Once entered, save the form. If the test passes, you are good to go, and are now protected by Multi-Factor Authentication. If there is a problem with the code entered, the system will prompt you to enter a new code.
After saving your MFA token, be sure to download your recovery codes to ensure you can maintain access to your account in the event you lose or no longer have access to your registered MFA device.
See Downloading your MFA Recovery Codes below.
IMPORTANT: Once MFA is enabled, you will be required to enter the 6-digit code each time you login, as shown below. If you have lost your phone or do not have access to your device, you will not be able to login until MFA has been disabled for your account.
Resetting your MFA Token
Should you need to reset your token (i.e. generate a new secret code), you can easily do this from your profile. To start, go to your user profile (i.e. click on your name in the upper right corner), and click the Reset link, located on the the overview page:
This will generate a new image, and new secret code. Once reissued, you will need to register the new token with your MFA application, as described above.
After resetting your MFA token, be sure to download your recovery codes to ensure you can maintain access to your account in the event you lose or no longer have access to your registered MFA device.
See Downloading your MFA Recovery Codes below.
Disabling your MFA Token
If you wish to disable MFA authentication for your account, simply click the Disable link located next to the MFA Security section on the overview screen of your user profile:
If you have lost your MFA device, use your recovery codes or contact your system administrator for assistance.
Downloading your MFA Recovery Codes
After setting up your MFA device for the first time or resetting your MFA token it is important to download your recovery codes to another device (not your phone) that you have access to. Recovery codes will allow you to authenticate to your account in the event your registered MFA device is lost or not accessible.
To download your MFA recovery codes Click Your Name in the top right to access your profile. From here, click the View recovery codes link located under the MFA Security section. Finally, click Download to download your recovery codes in a text file.
If you do have any available recovery codes, click Generate New Codes to generate a new set of recovery codes and then follow the above steps to download them.
Tip: It is recommended to store recovery codes in a password manager (e.g. 1Password) or other encrypted device that is not accessible to others.
In the event you've lost your registered MFA device, you can now use a recovery code in place of an MFA code to gain access to your account.
Troubleshooting MFA / Authenticator Issues
My authenticator codes no longer work
- Make sure you are using the correct account. If you are unsure or are on a new device, reset your MFA token (see Resetting your MFA Token above).
- Verify your date and time are automatically set. MFA codes are heavily dependent on the clock associated with your device. Verify your time is accurate by ensuring that time is configured to Set Automatically.
- iOS: Settings > Date & Time
- Android: Clock > Settings > Change date & time > Set time automatically
- Make sure location services are turned on for timezone configuration. Some devices use your location to determine your timezone and properly configure the time on your device.
- Reboot your device. Sometimes the device can get out of sync with your clock, especially when crossing time zones. Reboot your device to reinitialize your clock synchronization.
- Reset your MFA token. If you still cannot get your MFA code to work, remove the token from the authenticator app on your device, then reset your MFA token (see Resetting your MFA Token above).