TOTP Two-Factor Authentication
In this article, we're going to enable Strong Two-Factor Authentication using Time-Based One-Time Password (TOTP) authentication. This is sometimes called app authentication, using authenticator apps like Authy, Google Authenticator, Microsoft Authenticator and similar. Clients are available for almost every platform. Modern password managers like 1Password and LastPass also include TOTP authenticator clients. The TOTP standard is defined in RFC 6238.
Please see the following video overview of using TOTP Strong Two-Factor Authentication:
No configuration is required to enable TOTP Authentication. If you want, you can configure a friendly name in Admin → Configuration → Strong Auth TOTP.
To let your users use TOTP Authentication, you can choose to enable or require TOTP Authentication on a per-group basis in Admin → Groups:
The default configuration for all groups is TOTP Enable. If you select TOTP Enable, users can enable TOTP Strong Two-Factor Authentication if they want. If you select TOTP Require, users will be required to use TOTP Strong Two-Factor Authentication.
Remember Strong Authentication
If you enable Remember Strong Authentication (see screenshot above), users will be presented with a checkbox to remember, or skip, strong authentication for 2 weeks.
Configuring Exclude Networks (see screenshot above) will enable you to skip Strong Authentication for specified networks, typically your internal networks.
If you have selected TOTP Enable for a group of users, users in that group can enable TOTP Authentication by going to Account Settings and the Two-Factor Authentication Tab:
If you have selected TOTP Require, users will be required to configure TOTP using a similar screen the next time they log in.
Please see the Video Overview above to see the user experience.
Since TOTP is based on an open standard, there are many available clients for a variety of systems. Here are some examples in alphabetical order:
| Client | Description | Platforms |
|---|---|---|
| 1Password | Cross-platform password manager | iOS, Android, Windows, macOS, Linux, ChromeOS |
| Authy | Cross-platform 2 Factor Authentication App | iOS, Android, macOS, Windows |
| FreeOTP | Cross-platform Open Source 2 Factor Authentication App | iOS, Android |
| Google Authenticator | Cross-platform 2 Factor Authentication App | iOS, Android |
| LastPass | Cross-platform password manager | iOS, Android, Windows, macOS, Linux |
| Microsoft Authenticator | Cross-platform 2 Factor Authentication App | iOS, Android |