- 4 Minutes to read
- Print
- DarkLight
Two-factor Authentication (2FA) and Shared infoodle Log-in
- 4 Minutes to read
- Print
- DarkLight
For access to infoodle we recommend that each separate user be issued their own unique login account, with their own Username and Password and Two-Factor Authentication.
However, there are some situations where several users may share roles or functions, in which case there may also the need to share an infoodle log in.
With the introduction of two-factor authentication (2FA), it is necessary that when different users log-in to the shared account, they will need access to the 2FA passcode for that login. Typically this means having that code available on all of the user's phones.
For more information on the setup and management of Two-factor Authentication for infoodle users, see Two-Factor Authentication
The Setting up of a Two-Factor Authentication code for shared use will differ, depending on the Authenticator Application used.
- Google Authenticator - Set up a shared code via the Export/Import Function
- Authy Authenticator - Share codes via the Authy Multi-Device function
As the setup is specific to each application, all users must be using the same application to access the shared 2FA code.
Google Authenticator
If you use the Google Authenticator App, you can have the initial User set up Two Factor authentication as normal on their device.
Once set up, the user can use the Export function, to make one or more Authenticator codes available to be imported into another device.
To transfer Authenticator codes to a new phone, you need:
- The current phone with Google Authenticator code(s) set up
- The latest version of the Google Authenticator app installed on the current phone
- The new phone you are adding the code(s) to, with the latest version of the Google Authenticator app installed
Transfer Process
On the original phone, create a QR code:
- In the Google Authenticator app, tap More (3 dots menu), then Transfer accounts and then Export accounts
- Select the account(s) you want to transfer to your new phone, then tap Next.
If you transfer more than one account, your phone may create more than one QR code.
On the new phone
- In the Google Authenticator app, tap Get Started then Import existing accounts; OR tap More (3 dots menu), followed by Transfer accounts and finally, Import Accounts
- On the new phone, tap Scan QR code and scan the code(s) displayed on the original phone. This will load the 2FA Code(s) on the new device
After you scan your QR codes, you should see confirmation that your Authenticator accounts have transferred.
If your camera can’t scan the QR code, there may be too much information. Try to export again with fewer accounts.
The above process is a Manual code transfer, not a shared Two-Factor Code.
If you remove the 2FA for any reason for the Shared login, and set it up again, you will need to remove the old 2FA code from each device, and transfer the new code.
Authy Authenticator
Authy refers to the shared 2FA feature as Multi-device.
This allows the sharing of two factor codes from a Single Authy login account across multiple devices.
The Authy Multi-Device function will share All Two Factor Codes for an Authy Account. For this reason, we advise using a new Authy account only for the shared log-in, and not an existing account that has personal 2FA codes stored.
If one of your users has Authy installed for Personal use on their device, they will not be able to log in with a second account on that same device for accessing a shared 2FA Code.
In this scenario, you may consider using the Authy Desktop Application for computers so that the shared Authy account can be used there, instead of via the Phone Application.
You can download Authy for your computer from their website: Authy Download Page
Enabling Multi-Device
(from https://authy.com/blog/multi-device/)
Accessing Authy 2FA from a second, or subsequent, device takes just a few moments to set up.
Open the Authy app on your primary device. Tap on Settings (the gear icon at top right).
Tap Devices.
Turn on Allow Multi-device.
Now, on your second device, install Authy.
Once installed, open the Authy app. When prompted, enter the phone number of your primary device.
A popup will appear displaying Get Account Verification Via. Tap Use Existing Device.
Go back to your primary device. A notification will ask you to verify the addition of the new device. Tap Accept.
When prompted to approve this decision, type OK in the entry field.
Return to Settings on your primary device and tap Devices again.
You will now see two trusted devices connected to any current (and future) two-factor services you enable with Authy.
Repeat with the other devices that need a shared log-in.
Staying Secure
DON’T SET IT AND FORGET IT: To prevent any additional (and unauthorised) devices from being added, make sure you go back and disable Allow Multi-device on both devices. You can always return and repeat the process from either of these trusted devices.
The rule of thumb: install Authy on at least two devices and then disable Allow Multi-Device.
BEFORE YOU SELL: Make sure the device that you use for authentication is always password-protected, and if you’re planning on changing or upgrading a device, make sure you remove access by that device in your Authy account settings before you sell your old phone.