How to use two-factor authentication
updated about 1 year ago
What is a two-factor authentication?
The two-factor authentication (2FA) is a security scheme that prevents someone who has your login and password information from accessing your account. It implies that access requires two separate pieces of information, called factors, which belong exclusively to a legitimate user and are hard to fake. For instance, user ID, password, access key, digital signature, proof of possession for email or mobile phone or another device, one-time password, etc.
In Ambisafe, we use one-time passwords sent to a user’s email and Time-Based One Time Passwords (TOTP) as an additional factors in the authentication process. Read more about common authentication types.
When is 2FA required?
Ambisafe products would check for a second factor and remember the device for 30 minutes to perform any of the following operations:
- Sign in
- Password change
- Enable or disable 2FA
- Email change
- Fund transfer
- P2P exchange order creation
How does it work?
When users create an account they should:
- Fill in the registration form.
- Provide an email address and confirm it.
- Install a 2FA application (e.g. FreeOTP or Google Authenticator on their smartphones and link it to the account in security settings by entering a one-time password (OTP) from this application.
The 2FA is considered as set for the account. Since this moment, when users want to sign in or to perform any of the actions listed above, they should:
- Provide their email and password.
- Open an application to get a one-time password (OTP) code or get a code to email, depending on account security settings.
- Provide the code to authenticate.
Alice has registered, confirmed her email and is logging into the CryptoWallet for the first time using her email address and password. The CryptoWallet would ask for an OTP confirmation via email since the last check was undefined minutes ago (actually, it never happened) and 2FA via smartphone application is not enabled. When she receives the code, Alice provides it and confirms the transfer of tokens to Bob’s address.
Why is 2FA needed?
We should expect that a user may lose some of the login credentials due to undetermined circumstances at an unknown time in the future because it is what's happening every day. Therefore, we need to follow the 2-factor authentication scheme to make accounts relatively safe even if some of the factors are leaked to hackers.