Two-Factor Authentication & Signable
All About Authentication
You’ve got your envelopes locked up tight – that’s great! But in today’s landscape of the super-savvy techno hacker, all it takes is a password that’s a little ‘password123’ to take your personal data and make it EVERYONE’S data.
Never fear though, that’s where two-factor and multi-factor authentication (2FA and MFA for short) come into play! The best way to view it is like this: 2FA consists of a combination of any two of the following three elements:
- Things you know (knowledge), such as a password or PIN.
- Things you have (possession), such as a badge or mobile phone.
- Things you are (inherence), such as a biometric like fingerprints or voice recognition.
Now, in order for it to be two-factor, you’ll need a combination of two of these elements, for example, something you know AND something you have. It can’t be two methods of the same factor (e.g. password and PIN).
In its current form, Signable will be utilising the password protection (something you know) and authentication from one of many authenticator apps (something you have).
What on earth is an authenticator app? Well, dear reader – it’s an application that is specific to your particular device. Once downloaded, you can link this app with any 2FA-enabled service and voilà, you’re now infinitely more secure than you were before! Each time you log in to that service, you’ll use your password AND a code generated by the authenticator to access the service.
What are these fabled authenticator apps, I hear you ask? Here are some examples; simply click the icon to be taken to its respective website!
You can find other authenticator apps on your App Store of choice and most are entirely free!
How to link Signable with an authenticator app:
Please Note: At present, we only support QR-based account linking, so please ensure your device has a working camera!
Right, you’ve got your shiny new authenticator installed on your phone – how do we use it? Firstly, you’ll need to activate 2FA within Signable, more info on enabling 2FA can be found here. Once that’s done, the next time you log into Signable – you’ll be greeted with this screen:
When you first open your authenticator app, it may take you on a grand tour of its various functions and features, but at its basis, there will be an option to add a 2FA-enabled account. For example, on Google Authenticator, you’ll see a small ‘+’ which will give you the option to either ‘Scan a QR Code’ or ‘Enter a Setup Key’. As mentioned above, we only offer the QR code option at present, so choose ‘Scan a QR Code’.
This will open your device’s camera, simply point it at that strange square symbol that looks like TV static (the QR code for the uninitiated) and your authenticator will do the rest! Congrats, your Signable account will now be linked to your authenticator.
Now, a six-digit numerical code will appear, assigned to something like “Signable (your email here)”. This example is, again, from Google Authenticator, but you can see the code clearly on the left. There will also be some form of countdown, denoting that you’ve got 20-30 seconds to use this code for access before it’s replaced with another. The code will only remain valid as long as it is on the screen; if it’s replaced – it’s no longer valid!
Once you’re acclimatised, take the six-digit code and pop it in the box on the Signable set-up page labelled ‘Enter generated authentication code’. It’ll then accept it if it’s the right code, or reject it if not. If it rejects it, don’t panic! Just try again.
Once the code has been entered, you’ll be greeted by one final screen, this jumble of numbers and letters is your recovery code – if all else fails, this will be used to reset the 2FA on the account (or user), allowing you to re-link Signable with an authenticator app. This code is one-use and highly specific – it’s highly recommended that you store this somewhere safe, whether that be a password vault or physically written down and stored somewhere safe. If you end up getting locked out and heaven forbid, have lost this code – it’s not the end of the world, contact us at email@example.com or on 0800 612 6263 and we’ll get you sorted.
Locked it away deep within the vault? Good. Click the wee checkbox that says ‘I have stored this code somewhere safe.’ then press Continue – there you go! You will now be greeted by the familiar Signable dashboard, secure in the knowledge that you’re all shored up!
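How the six-digit code and its countdown work under the hood, as an added example that is not Signable's own code: it assumes the standard TOTP algorithm (RFC 6238, HMAC-SHA1, 30-second step) that Google Authenticator implements, and `totp`, `verify` and `DEMO_SECRET` are names made up for illustration.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per code (RFC 6238 default; assumed for this example)
DIGITS = 6   # code length described on this page

# Constructed sample secret: the RFC 6238 test key, base32-encoded the way an
# otpauth QR code carries a secret. Never reuse it for a real account.
DEMO_SECRET = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32, unix_time, step=STEP, digits=DIGITS):
    """Code an authenticator shows at unix_time (RFC 6238 with HMAC-SHA1)."""
    key = base64.b32decode(secret_b32.upper())
    counter = int(unix_time // step)                  # which time window we are in
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                        # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, unix_time, last_used=-1, drift_steps=0):
    """Server-side check: return the matched window counter, or None.

    drift_steps=0 accepts only the code currently on screen; a server may
    allow 1 to tolerate clock skew. Windows <= last_used are refused so a
    code cannot be replayed.
    """
    if not (submitted.isascii() and submitted.isdigit() and len(submitted) == DIGITS):
        return None
    current = int(unix_time // STEP)
    matched = None
    for counter in range(max(0, current - drift_steps), current + drift_steps + 1):
        expected = totp(secret_b32, counter * STEP)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected, submitted) and counter > last_used:
            matched = counter
    return matched


if __name__ == "__main__":
    code = totp(DEMO_SECRET, 59)
    print(code, verify(DEMO_SECRET, code, 59), verify(DEMO_SECRET, code, 120))
```

The value returned by `verify` is meant to be stored as `last_used` for the account, so the same code is refused if it is submitted a second time within its window.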
Now that you’re an authentication pro, click here for more information on using 2FA with Signable.