
Two-factor authentication in Produce and Manage

Two-factor authentication (2FA) adds security to an account in the event that someone else obtains or guesses your password. An app on your device (such as Google Authenticator) creates an additional code that lasts for 30 seconds. The server generates the same code, and you are allowed access only if you enter the same value at the correct time.

Main configuration through Produce

Only the current user can turn on 2FA for themselves, because it requires entering a secret key into an app that will generate the codes. Go to the profile menu and click the link to enable two-factor authentication. A screen appears that displays the secret key, which can be entered manually into the authenticator app, and a QR code, which can be scanned instead.

Now the code is entered in the app. This ensures that the verification app is set up correctly before the feature is enabled; otherwise, a subsequent login might not be possible. When the code has been entered correctly, click the Turn On button.

After the feature is enabled the two-factor link on the profile page turns into a Disable link.

Note: Because it is a time-based code, it is important that the server and device have fairly accurate system clocks.

The next time a login to Manage or Produce is attempted, there will be a verification code prompt. The code that appears in the authenticator app is needed to log in. There is also a "Remember this browser?" checkbox, which records that two-factor authentication has previously been passed in this browser so that the prompt does not appear again for 90 days.
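How a server can recompute the 30-second code and why the clock note above matters, as an added example (not code from Produce or Manage). It assumes standard RFC 6238 TOTP with HMAC-SHA-1 and 6 digits, the Google Authenticator defaults; `totp`, `verify`, `window` and the sample secret are illustrative and not taken from the product.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds a code lasts, as stated on this page
DIGITS = 6   # assumption: Google Authenticator default length

# Constructed sample: the RFC 6238 test key "12345678901234567890" in base32.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, unix_time):
    """Return the code for the 30-second step that contains unix_time."""
    padded = secret_b32.replace(" ", "").upper()
    padded += "=" * (-len(padded) % 8)
    key = base64.b32decode(padded)
    counter = struct.pack(">Q", int(unix_time) // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32, submitted, server_time, window=1):
    """Return the matching step offset (0 = same step), or None if no match.

    window is how many 30-second steps of clock difference are tolerated
    in each direction; larger values accept older codes for longer.
    """
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, server_time + drift * STEP)
        if hmac.compare_digest(expected, submitted):
            return drift
    return None


if __name__ == "__main__":
    device_time = 1111111109           # last second of one 30-second step
    server_time = device_time + 2      # server clock is already in the next step
    code = totp(SECRET, device_time)
    print("device shows:", code)
    print("strict server (window=0):", verify(SECRET, code, server_time, 0))
    print("tolerant server (window=1):", verify(SECRET, code, server_time, 1))
```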

Additional maintenance option

When editing a user, there is a new checkbox on their account indicating whether they have two-factor authentication enabled. It will be checked and enabled if they have it on, and unchecked and disabled if they have it off. An admin can't turn on two-factor authentication for another user, because the user needs to get the secret key set up on their device first. However, the admin can disable the feature for a user if, for example, they have lost their phone.