@portfast
News & views, serious business.
As we take security very seriously here, we've decided to implement two-factor authentication (2FA) using Google Authenticator. We selected it because it uses two open algorithms, laid down in RFCs 4226 and 6238. This means no lock-in: you are not restricted to a Google product.
It works by taking a secret that we generate and storing it on your device. When we ask for your 2FA one-time password, your device generates a number based on this secret, and we compare it to a number that we generate using the same algorithm. A match confirms that we both hold the same secret without it ever being passed in the clear.
Once 2FA is enabled, therefore, logging in requires not only something you know (your password) but also something you have: a device capable of calculating the one-time password. With this in mind, please make sure your contact details are up to date. If you lose all your 2FA devices and we ever have to reset your account, we will need to prove that you are who you claim to be.