Setting up Two-Factor Authentication (2FA) on Your Marathon Account

Initial Login

• When a user logs into their account, they will be presented with a popup requesting them to set up 2FA for increased security.

o Users can choose to set up 2FA or simply close the popup by selecting the ‘X’ or clicking outside the popup.
o If a user doesn’t have 2FA set up, they will be presented with this popup on each sign-in.

▪ To disable this popup users must select the ‘Don’t show again’ button.

• Selecting the ‘Manage 2FA’ button will redirect the user to the 2FA Management page.

Managing 2FA

• Users can manage their 2FA settings via the 2FA Management page. Users can access this page after logging in by:

o Selecting the ‘Manage 2FA’ button when presented with the popup.
o Navigating to the ‘My Account’ page, scrolling down to the ‘Manage Two Factor Authentication’ section, and clicking the ‘Manage 2FA’ button.

• After clicking the ‘Manage 2FA’ button, users may be presented with an additional authentication page, in which they are required to re-enter their password.

o This page will only be displayed if it’s been more than 5 minutes since the last login/authentication.

• During the initial 2FA setup, the management page will ask the user to choose a Preferred Two Factor Method:

o Phone Number
o Email Address
o Authenticator

• After entering the necessary data for the selected Authentication Method and clicking ‘Continue’, the user will be presented with a page to enter the Authentication Code:

o To resend an authentication code, select the ‘Resend Code’ button.

• After successfully entering the generated code, the user will be redirected to the 2FA Management page.

• After completing the 2FA setup, the user will be presented with a new authentication page on all further logins.

o The user can select “I’m on a trusted computer” to disable 2FA on the current device for 30 days (after which they will need to re-authorize the account).
o If the user needs their authentication code to be resent, they can select the ‘Resend Code’ button.
o If a user loses access to their authentication method, they can choose the ‘Send Backup Code’ button. A popup will inform the user that their backup code will be sent to the registered email address associated with the account. If they use this backup code, 2FA will be disabled on their account and they will need to follow the previous steps to set it back up.

• The user must enter the correct authentication code to log in.

o After 3 failed attempts, the user will be timed out. Further failed attempts will time out the user for an exponentially longer period.

Adding/Updating a Method

• To add another 2FA method, the user can select ‘Add / Update Preferred 2FA’. This will redirect them to the 2FA Method selection screen where they can choose to add a different method or update the value of an existing method.
• To change the preferred authentication method, the user can select the ‘Set as Preferred’ button under the ‘Backup Methods’ section, or set it while adding/updating a method.

Removing a Method

• Currently the only way to remove a 2FA method is to disable 2FA entirely via the button available on the 2FA Management page.

Disabling 2FA

• To disable 2FA for their account, the user can navigate to the 2FA Management page and select ‘Disable 2FA’. A popup dialog will appear for confirmation.

