
Simply put, 2FA (two-factor authentication) provides additional security against account compromise. I am sure we can all appreciate that, in today's environment, this is something we have to concede to, as annoying as it can be.

  1. The first factor is your normal username and password.

  2. The second factor is a verification code from an application on a mobile device or computer.

Basically, if someone was attempting to compromise an account, they would not only need the username and password but also the device where the 2FA has been registered. Additionally, 2FA applications running on a device have their own layer of security that you need to get through before you can approve any 2FA request.

Authenticator Applications

There are many applications on the market, and they are generally freely available. Some notable mentions:

  1. Bitwarden (open source password manager) - provides access to your credentials across the web, on your PC as a desktop application, and on your mobile devices as an application.

  2. Microsoft Authenticator for mobile devices (Android and iOS).

  3. DUO.

  4. Google Authenticator App.

TOTP (Time-based One-time Password) and what does that mean to me?

Make sure the time on your device running your authenticator application is correct.

Other terms used for 2FA are OTP (one-time password) and TOTP (Time-based One-time Password). Wise Owl uses TOTP.

Effectively, the authenticator application provides a verification code that is only valid for a short period of time. If this time expires, or if the clock of the device running the authenticator application (or of the application itself) is not in sync, the verification code will be rejected. There is a tolerance built into the TOTP algorithm specification which can be implemented to allow for a small amount of clock drift.

What should I do?

We suggest that you ensure that the devices running your authenticator application have their time set automatically. This should ensure that your device always has the correct time, by using the internet to synchronise its clock.

On a computer

You can do this by going to the clock on your computer (bottom right of main screen) and right-clicking. Then choose Adjust date/time from the settings.

Ensure that Set Time Automatically is turned on.

This needs to match up with the relevant authenticator device you are using. If you are using a phone, your phone time and the computer time need to be the same.

Technical Reference

From the Internet Engineering Task Force (IETF): RFC 6238 - TOTP: Time-Based One-Time Password Algorithm (ietf.org), notably Section 6, which talks about resynchronisation.
