Users will need access to view their CMS profile (/admin/myprofile) to enable and manage two factor authentication. Depending on the configuration, the below screenshots may look slightly different, but the general process is the same.
-
Log into the CMS and navigate to your profile's "Two Factor Authentication" tab.
-
Check the "Enable Two Factor Authentication" checkbox and save your profile, or click the button. This will generate a Timed One-Time Password token and a QR code to set up in your second factor application (Google Authenticator, for example).
-
Scan the QR code (or enter the token) into your two factor authentication application and use alongside your regular email and password when logging into the CMS.
See the installation instructions for various mobile devices.
You can set up backup security tokens just in case you lose access to your second factor device.
-
Log into the CMS and navigate to your profile's "Two Factor Authentication" tab.
-
Click the "Create new two-factor backup tokens" button.
-
Immediately record your new backup tokens and save them securely. Any previous tokens are destroyed.
-
You can now use this token in place of two factor authentication.
Tokens are single-use, and each one will be removed from your pool of backup tokens once you have used it.