In this article:
1. What is Two Factor Authentication (2FA)?
2. How to Set Up and Use 2FA?
2.1. 2FA with the Businessmap App
2.1.1. Reset 2FA Key
2.2. 2FA with Google Authenticator
3. Troubleshooting
4. API
1. What Is Two Factor Authentication (2FA)?
2FA stands for Two-Factor Authentication, which is a special case of Multi-Factor Authentication. MFA is a security technique that uses more than one step to authenticate a user. For example, it can use something that the user knows (usually a password), something that the user has (a physical key, credit card, USB token, smartphone), and/or something that the user is (fingerprint, voice recognition, retina scan). We already use the first way (or factor) of authentication – you have to know your password to get access to your Businessmap account. However, passwords alone do not provide the best security since there are various ways they can be stolen.
So, if you are concerned about the safety of your data, we’ve got you covered!
2. How to Set Up and Use 2FA?
1. Businessmap Account Owners can turn on 2FA for each user (or all at once) from the Administration Panel:
Img. 1
2. Once 2FA has been enabled for a user, the next time they try to log in, they will see a 2FA setup screen similar to this:
Img. 2
Important: When configuring the 2FA, if the first attempt to enter your one-time password is incorrect, the page will be automatically refreshed. This refresh changes the QR code and the secret key, making the initial configuration invalid, which means you need to restart the configuration process.
2.1. 2FA with the Businessmap App
If you are not using our app on your Android or iOS device, you will need to download it to set up and use your account's 2FA. You can find the app in the Google Play Store and App Store.
Once you have downloaded our app and signed into your account, navigate to the tribar menu in the upper left corner of your screen. Select “One-time Password” from the menu and click on the “Setup Key” button at the bottom.
You can either scan the QR code from the 2FA setup screen (Img. 2) or manually type in the Secret Key (don't forget to click Save).
Img. 3
You will get a notification message after your successful setup.
Img. 4
Now all you need to do is enter the one-time password in the 2FA setup screen (Img. 2) and click on Log In.
Every other time you log into your account, you will see a window requesting you to type in a one-time password (which you can access from our app).
Img. 5
Alternatively, you can also verify the login from the confirmation request notification sent to your device from the Businessmap mobile app:
Img. 6
2.1.1. Reset 2FA Key
It is important to note that the setup screen (Img. 2) appears only the first time after 2FA has been enabled. Once the setup is complete, you will not be able to see your secret key again. So, if you want to use 2FA on more than one device, you should save your secret key on all of them before completing the setup. If you need to set up your 2FA again at a later point, you should ask your Businessmap Account Owner to reset your 2FA key:
- Open the Administration panel → Users tab → three-dot menu.
- Click on “Reset 2FA key” (Note: this button will appear only if the user has already completed the setup of a 2FA key):
Img. 7
2.2. 2FA with Google Authenticator
Now, what if you don’t have an iOS or Android device? Don’t worry – we have a solution for you. Our implementation of 2FA is completely compatible with Google Authenticator and the numerous third-party compatible implementations that cover Blackberry, Windows Phone, and many other operating systems.
Here is how to set up the 2FA of your Businessmap account using Google Authenticator:
- Open the Google Authenticator app on your phone and click on the plus icon in the lower right corner of your screen.
- You will be presented with two options:
  - Scan a QR code — this is the QR code from the 2FA setup window (Img. 2). This is the recommended option.
  - Enter a setup key — this is the secret key from the 2FA setup window (Img. 2).
- After you have scanned the QR code (or entered the setup key), your Businessmap account will be added to the Google Authenticator app.
- To enter your Businessmap account, enter the six-digit code (which serves as your one-time password) in the one-time password field and you are all set!
You can also set up 2FA with a range of other apps, such as:
3. Troubleshooting
If, after entering your 2FA key, the OTPs that the app generates are invalid, here are some things to check:
- If you entered the key manually, one obvious thing to try is entering it again to rule out typos (scanning the QR code saves you this trouble).
- We already mentioned that in the setup screen, but make sure your phone’s time is correct.
- Ask your Businessmap Account Owner to reset your 2FA key.
If none of the above helps or you have another problem, contact our support team at support@businessmap.io, and we will help you solve the issue.
4. API
Also, one technical thing worth noting: once 2FA is enabled for a particular user, it will affect not only the web login process but also our REST API. Generally, you use the API in two ways:
• Through our mobile apps
• Through a custom third-party app
As far as our apps are concerned, you don’t have to worry about anything – once you set up 2FA on your device, the app will do what is needed behind the scenes, and you will continue using it as before. However, a problem may arise if you use our app on more than one device. In this case, you have to set up your secret key on all of them.
Using the API with 2FA through a custom third-party app will be a little more challenging! For every request (except for Login), you will have to supply an HTTP header named “otp” with the current valid One-time password. Use Google Authenticator’s time-based algorithm to generate OTPs. Before that, you will have to save your personal 2FA secret key in a secure place. Currently, Google Authenticator’s source code is proprietary, but it was open-source until version 2.21, so you can use it as a reference here.
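A sketch of the custom-client side described above, added here as an example and not Businessmap's or Google's code: it derives the time-based one-time password (RFC 6238) and builds the “otp” header for a request. The Base32 encoding of the secret key, HMAC-SHA1, the 30-second step and all function names are assumptions based on Google Authenticator's defaults; the sample secret is the constructed RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import os
import struct
import time

# Constructed sample secret: the RFC 6238 test key "12345678901234567890" in Base32.
# In real use, load your own 2FA secret key from a secrets store, never from source code.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def decode_secret(secret_b32):
    """Decode a setup key the way authenticator apps do: ignore spaces, dashes and case."""
    cleaned = secret_b32.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore Base32 padding if it was stripped
    return base64.b32decode(cleaned)


def totp(secret_b32, at=None, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1 (assumed defaults: 30 s step, 6 digits)."""
    now = time.time() if at is None else at
    counter = int(now // step)  # number of whole time steps since the Unix epoch
    mac = hmac.new(decode_secret(secret_b32), struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def seconds_left(at=None, step=30):
    """Seconds until the current code expires; a wrong clock shifts this window."""
    now = time.time() if at is None else at
    return step - int(now % step)


def otp_headers(secret_b32, at=None):
    """Header to merge into every API request except Login."""
    return {"otp": totp(secret_b32, at)}


if __name__ == "__main__":
    # BUSINESSMAP_2FA_SECRET is a hypothetical environment variable name.
    secret = os.environ.get("BUSINESSMAP_2FA_SECRET", SAMPLE_SECRET)
    print(otp_headers(secret), "valid for", seconds_left(), "more seconds")
```

Generate the header immediately before each request rather than caching it, since a code computed near the end of a time step may have expired by the time the server checks it.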