What is Multi-factor Authentication?

Multi-factor authentication (MFA) is a reliable way to add an extra layer of security to online accounts. This additional layer requires users to provide more than one factor of authentication before they can access their accounts.

There are three factors of authentication: something the user knows (such as an email address and password), something the user has (such as a code generated on their smartphone) or something the user is (such as a fingerprint or facial recognition).

In the context of our online learning platform, Lt, we use time-based one-time passwords, or TOTP for short. A new code is generated every 30 seconds from a shared secret and the current time, and codes typically consist of six digits. The shared secret is stored securely within Lt and in the user's authenticator app of choice. Popular apps include Google Authenticator and Microsoft Authenticator.

Users can set up multi-factor authentication by navigating to the user menu and selecting ‘Multi-factor authentication’.

Drop-down menu in Lt showing the Multi-factor authentication option.

To enable multi-factor authentication, first scan the QR code with your authenticator app, or enter the manual setup code into it. Then enter your password and the six-digit code generated by the app into the 'Step: 3' box and click Enable.

Example setup dialog for MFA

When logging in with multi-factor authentication enabled, users will be prompted to enter their six-digit TOTP code. Here is what this dialog looks like. Users can use a recovery code here instead by clicking 'Login in using a recovery code'.

Example of entering a MFA code for authentication

After multi-factor authentication has been enabled, you will be prompted to save your recovery codes. These codes can be used if you lose access to your authenticator app or account.

Example of recovery codes used as an alternative MFA factor

It is recommended that you download your recovery codes and store them in a safe location, e.g. a password manager.

These recovery codes are one-time use and allow you to log in to Lt without entering your TOTP code. Once logged in, you can disable multi-factor authentication or generate new recovery codes as required. Note that the QR code and manual setup code shown in the first dialog are only displayed once.