2-factor authentication improves security on your user account
Enabling 2-factor authentication adds an additional layer security to your user account, by requiring you to enter a new one-time-use passcode generated from your mobile device each time you log in. In the event that your username and password were compromised, an unauthorized third party would be unable to log in without access to your mobile device.
User Preferences
To set up or manage 2-factor authentication for your account, navigate to Options -> User Preferences and click on the "2-factor authentication" button.
This window will display the current status of 2-factor authentication on your account and list your registered devices. To enable 2-factor authentication, you must register at least one device.
Installing an authentication app on your mobile device
Before you can register your device (for example, a smart phone) for login with OnePacs, you'll need to install a mobile authenticator app. The authenticator app is where you will obtain the one-time-use passcode each time you log in. OnePacs recommends the following apps which are available on both iOS and Andriod:
Using two factor authentication without a mobile device
OnePacs recommends and supports using two factor Authentication by means of a mobile device, such as an iOS or Android device, running authentication software. However, for users who do not wish to use a mobile device, it is also possible to use two factor authentication through other means.
NOTE: As these non-mobile device based methods are not officially recommended or supported by OnePacs at this time, OnePacs support may not be able to assist in troubleshooting issues that may arise through their use. The manufacturer or producer of the third party software product or device should be contacted for detailed technical assistance with their use.
Chrome Web Browser as authentication device
For example, a Chrome web browser installed on a particular computer can be used as a two-factor authentication device through various third party applications. One of these, Authenticator for Google Authenticator, contains a facility for capturing an on-screen QR code, making setup particularly easy. However, it must be noted that if the computer on which the authenticator app is installed also has stored the user's password (such as in a web browser), then both factors of the two-factor authentication could be obtained through access to that particular computer.
Third party dedicated hardware as authentication device
A more secure method of using two-factor authentication without a mobile device would involve use of third-party dedicated authentication hardware, such as the Yubikey authentication device, or other similar devices that support the TOTP (time-based one time password) protocol. The Yubikey can be used in conjunction with a desktop application (Yubico Authenticator, for Windows or macOS) to provide two factor authentication functionality for signing into OnePacs. As the second factor secret is stored on the Yubikey device itself, this setup represents true two factor authentication. When signing into Onepacs using this method, the Yubikey device itself is inserted into a USB port on the computer at the time of logging in. When OnePacs prompts the user for the second factor authentication code, the user can obtain the code from the Yubico Authenticator program, which will obtain the code from the USB device and display the code on the screen. Setting up a Yubikey for use with OnePacs two-factor authentication is the same procedure as setting up the Yubikey for other similar applications such as Gmail, and Yubico's documentation regarding setting up a Yubikey for Gmail explains the procedure.
Registering your device
To register a new device click on the "Register new device..." button. You will be prompted to enter a name for your device. Choose something that will allow you to remember what device you are registering (e.g. "my iphone 7"). Then press "Next".
A Q/R code will appear on the screen. You will need to scan this code with your authenticator app to register your OnePacs account.
Enter a 6-digit passcode generated by your mobile device and click "Verify" to continue. At this point 2-factor authentication will be enabled for your account and you will be prompted to enter a passcode on your next login.
Temporarily suspending 2-factor authentication
2-factor authentication may be suspended temporarily for your account, if permitted by your organization, by clicking on the "temporarily suspend" button. Select a date up to 1 week in the future to resume 2-factor authentication and press the "suspend" button.
At this point, 2-factor authentication will be suspended and thus you will not be prompted for a one-time-use passcode on login until the suspension date passes.
Resuming 2-factor authentication
If 2-factor authentication is suspended, it can be re-enabled by clicking the "resume" button.
Removing 2-factor authentication
A user may remove 2-factor authentication from their account by deleting all registered devices.
Administrators may suspend or remove 2-factor authentication for users they administer.