How to enable Two Factor Authentication for your Krystal client area
This article was posted in: Getting Started
We support Two Factor Authentication in the Krystal Client Area.
What is Two Factor Authentication?
Two-factor authentication adds an additional layer of security to your Krystal client area by adding a second step to your login. In addition to something you know (i.e. your existing password), it adds what is known as a possession factor, based on something you possess, which in this case will be an app on your mobile phone.
Since both are required to log in, even if an attacker has your password they can't access your account unless they also possess your phone.
Why is Two Factor Authentication (TFA) necessary?
Passwords are often compromised when mobile devices or computers are stolen or infected with malware - or when insecure networks are used to retrieve passwords by email. They can often be guessed, they usually don't change very often, and despite advice otherwise, many of us have favorite passwords that we use for more than one thing. Two-factor authentication gives you additional security because your password alone no longer allows access to your account.
What Type of TFA does Krystal support?
Currently we support the open source OAuth service, simply because it is free to implement for our customers and is in widespread use. All that is required is an App that supports the creation of OTP (One Time Password) tokens. This basically means that the App produces a 6 digit number that changes every 30 seconds or so. This number is entered along with your usual client area login password. While there are a LOT of Apps that do this, we tested and like the following apps.
So what are you waiting for?
Get along to the App store related to your device and install the App before proceeding to set up TFA for your client area.
Enable TFA in your client account
Go to http://krystal.co.uk/client and log in to your client area in the usual way. Then at the right of the main menu area click on the My Profile item and select Security.
Click the MANAGE TWO FACTOR SETTINGS item.
Read the details on the following page and when ready, click the green GOT IT, ENABLE etc. button.
This will show a new screen with a QR Code (square bitmap). Leave this where it is and grab your phone!
Configuring your mobile device
In the Authy App (Available for both iOS and Android) on your phone, click the top left corner to add a new account (Dropbox and CodeGuard appear because they were previously configured on the devices used for our screenshots).
Tap the Add Authenticator Account item (iOS) or Authenticator Account + item (Android)
Tap the button to Scan the QR Code with your phone's camera, and then point the camera at the QR code on your PC's screen until it locks on and registers the account.
Once the App has added the account you will be asked to confirm it. Just tap the Done button. That's it! You can now open the Authy App, select your Krystal account from the configured accounts in the App and display your One Time Passcode whenever you need to.
Next time you log in, you will be asked for your security code from the Authy App as an extra step. Just enter the code shown in the app, and Confirm.
The first time you log in you will be given a Backup Code in case you lose your phone, or your phone is not available to you. This code should be kept somewhere safe, like inside a secure Note in 1Password or LastPass.