How do I set up Two-Factor Authentication (2FA) on my Krystal account?

Whilst we recommend you set up Two-Factor Authentication for your Krystal Client Area - it is not mandatory to do so. The only mandatory requirement is that you set up your security question and answer - we use this to help verify your identity should you contact us.

What is Two-Factor Authentication (2FA)?

Two-factor authentication adds an additional layer of security to your Krystal client area by adding a second step to your login. In addition to something you know (i.e. your existing password), it adds a second factor based on something you possess - which in this case will be an App on your mobile phone or desktop.

Since both are required to log in, even if an attacker has your password they can't access your account unless they also possess your phone.

Why is Two-Factor Authentication necessary?

Passwords are often compromised when mobile devices or computers are stolen or infected with malware - or when insecure networks are used to retrieve passwords by email. They can often be guessed, they usually don't change very often, and despite advice otherwise, many of us have favourite passwords that we use for more than one thing. So two-factor authentication gives you additional security because your password alone no longer allows access to your account.

What Type of 2FA does Krystal support?

Currently, we support the open-source OAuth service, simply because it is free to implement for our customers and is in widespread use. All that is required is an App that supports the creation of OTP (One Time Password) tokens. This basically means that the App produces a 6-digit number that changes every 30 seconds. This number is entered along with your usual client area login password.

While there are a lot of apps that do this, we tested and like Google Authenticator - which has versions for iPhone & Android devices as well as a Chrome browser extension.

  1. You'll need to have a 2FA app like Google Authenticator installed before you'll be able to complete this process.
  2. Log in to your Krystal Client Area and then click on your name in the top right corner.
  3. Click Security Settings
  4. Click Enable Two Factor Authentication.

You'll now see the 2FA setup screen. Follow the steps:

1) Scan this code with your Two-Factor Authentication (2FA) App

Open your 2FA app and follow the app's instructions to add a new account. Instructions for Google Authenticator can be found here, for both iOS and Android.

Once you've scanned the barcode or entered the displayed text code, the new account should be added in your app and generating One-Time Password (OTP) codes.

2) Enter the code displayed in the app

Enter a valid code or scan the QR code from your app and click Verify.

Finally, make a note of the backup code given in Step 3 - you can use this to log in should you not have access to the app to generate an OTP code. Click Confirm and finish to complete setup of 2FA.

Generating a new backup code or disabling two-factor authentication

When you return to the Security screen you'll now see two options:

Generate a new backup code - you'll need to do this if you either use or lose the one issued

Deactivate 2FA - to turn off 2FA on your Krystal login

To perform either of these actions you will need to provide a one-time code from your authenticator app.

Unable to create a 2FA code or use a backup code

If you're unable to generate a 2FA code - maybe you've changed phones or no longer have access to the 2FA app - and you don't have access to your backup code, you'll need to contact support and supply the required ID, and we will disable it for you.

