{{define "title"}}Two-Factor Authentication{{end}} {{define "content"}}

Two-Factor Authentication

{{ $User := .CurrentUser }}
{{if .TwoFactor.Enabled}}

Two-Factor status: Enabled!

When you next log in to your account, you will need your Authenticator App handy to produce the time-limited six-digit code to log in.

{{if .IsPairingSecondDevice}} {{template "2fa-setup" .}}
{{end}}

Backup Codes

In case you lose access to your Authenticator App, please print or write down these backup codes, which will allow you to regain access to your {{PrettyTitle}} account. Each of these codes may be used one time in response to your 2FA Authenticator prompt at login.

{{range .TwoFactor.GetBackupCodes}}
{{.}}
{{end}}

If you would like to re-generate these backup codes, click on the button below. This may be useful if you have needed to log in using these codes (which are one-time use only) and wish to generate a fresh set of backup codes. Note that re-generating new codes will cause the old ones to no longer work!

{{InputCSRF}}

Disable Two-Factor Auth

If you wish to disable two-factor authentication for your account, please enter your account password for verification and click on the button below.

{{InputCSRF}}

Set Up Another Device

If you wish to set up another authenticator device and view your original QR code, you may do so by entering your current account password below. This may be useful if you have bought a new phone or want to migrate your authenticator to a different device, so that you may access the original QR code and configure the new authenticator.

Note: this will not change your 2FA security key or backup codes. If you have lost your old authenticator, it will be more secure to disable and then set up 2FA from scratch, which will generate a new secret key and backup codes.

{{InputCSRF}}
{{end}} {{if not .TwoFactor.Enabled}}

Two-Factor status: Disabled!

What is Two-Factor Authentication?

Two-Factor Authentication (or 2FA) is a security feature that can help to protect your account in case somebody finds out your password. When logging in, you can use an Authenticator App that will generate temporary one-time use codes to log in to your account.

For example: if somebody figured out your username and password for {{PrettyTitle}}, they would be able to log in as you with that information. With 2FA you can add a second factor to your login: the two factors are "something you know" (your password) and "something you have" (your Authenticator App that produces six-digit codes). This way, if somebody learns what your password is, they still can't log in to your account unless they also have your Authenticator App.

After you set up 2FA, from the next time you log in to {{PrettyTitle}} with your password, you will also be prompted to enter the six-digit code from your Authenticator App. In case you lose access to your Authenticator, you will be able to use a "Backup Code" to log in -- you will be able to see your Backup Codes after setting up your Authenticator App.

{{template "2fa-setup" .}}
{{end}}
{{end}} {{define "2fa-setup"}}

Set up your Authenticator App

To set up Two-Factor Auth, you'll need to download and install a compatible Authenticator App on your device. Some suggestions for apps that are compatible with {{PrettyTitle}} are as follows:

Add {{PrettyTitle}} to your Authenticator App

When you have your Authenticator App ready, click on its "Add a new site" button and scan the following QR code to enroll your device for {{PrettyTitle}}:

{{ToHTML .QRCode}}

Alternatively (if you can't scan the QR code), you may copy and paste this secret text into your Authenticator app:

Test your Authenticator App

After scanning the QR code (or copying the secret key) into your Authenticator app, you should be able to generate temporary six-digit authentication codes.

Test that you have enrolled your authenticator correctly by entering the current six-digit code below:

{{InputCSRF}}
{{end}} {{define "scripts"}} {{end}}