Make the admin area of your site even more secure by setting up two-factor authentication for all admin users
Two-factor Authentication (2FA) must be turned on by Phew prior to profiles being setup
When an admin has not setup their 2FA, they will see the following message on their dashboard:
Firstly, click the link that says Configure 2FA. This will take to the page in your profile to setup the 2FA on your account.
Next, open the Microsoft Authenticator app on your mobile phone, and click the '+' in the top right corner. Click Other for the type of account - this will open the camera, and you will need to scan the QR code on the website:
This will add a new account to your Authenticator app with a code and a timer. The code will change when the timer hits 0.
Enter the code on the page in the box as highlighted below:
Click the ACTIVATE button.
A box will popup saying Download Recovery Codes. Make sure to click DOWNLOAD:
These codes are a backup so if you get locked out, you can enter the code to prove its your account and reset your 2FA status.
Once you have done this, your account will have 2FA enabled and you will need to enter a code from the Authenticator app to login.
Activating or Extending 2FA
If a user does not activate 2FA and gets locked out, you can give them an extension by doing the below:
Go the the list of users and hover overs the user you want to unlock. Click 2FA:
This will take to you to their 2FA set up page. There’s a button at the bottom that says ACTIVATE GRACE PERIOD, enter the amount of days you want to extend and then click the button:
If you have any issues with 2FA, or would like to discuss setting it up for your site, please email our helpdesk on support@phew.org.uk