2FA / 2-Step Verification
With 2-Step Verification, also known as “Two Factor Authentication” (or 2FA for short), you'll protect your user accounts with something they know (their passwords) and something they have (their mobile devices). With 2-Step Verification, if a bad guy gets his hands on a user's password, he'll still need the user's mobile device in order to sign into the FileRun account.
Signing in to the FileRun account will work a bit different
1. Whenever your users sign in to FileRun, they'll enter their passwords as usual.
2. Then, they'll be asked for a code that will be generated by a mobile app such as Google Authenticator (iOS version) or Microsoft Authenticator (available for both Android and iOS). These codes can be used only once and their are valid for about 60 seconds (just enough time to allow you to type them in).
Enabling 2-step verification
The option can be turned on or off by the administrator, for each FileRun user account. It requires no effort from the admin user. Just click the “Enable 2-step verification” checkbox available when adding or editing a user account.
First sign in
When a FileRun user with 2-step verification enabled tries to sign into his account for the first time, he will be asked to scan a QR code with his mobile, using the “Google/Microsoft Authenticator” app.
Note: As FileRun follows the RFC6238 standard for TOTP security tokens, “Google/Microsoft Authenticator” are not the only apps that can be used. “Authy” (https://www.authy.com) or “Tokenizator” are examples of other programs that can have been tested to work with FileRun.
Follow these steps:
- Install “Google/Microsoft Authenticator” using your mobile's app store.
- Open the “Google/Microsoft Authenticator” app and tap the (+) button or “Add account”.
- Tap “Scan a QR Code” and point the mobile device's camera at the QR Code on the computer screen.
- Click “Done” on FileRun's login page.
- Type the verification code displayed on your mobile device into the Filerun login form.
Subsequent sign-ins
After you have added your FileRun account to Google/Microsoft Authenticator, you will no longer be asked to scan a QR Code, but only to provide the verification code.
Changing/loosing the mobile device
If you have a new mobile device, use the “Forgot password?” link (available on the FileRun login form) to reset your password.
This will also render useless the codes generated with “Google/Microsoft Authenticator” on the old mobile device.
The superuser can also reset a user's 2-step verification from the FileRun control panel.
Using WebDAV with 2-step verification
Use the “Connect app” option to generate a new set of credentials, which do not require 2-step verification, and which are limited to the use of WebDAV and the API. Do note that this option requires the FileRun API to be enabled.