Agend 2FA Security - Customer Documentation

Overview

Two-factor authentication options are now included free for Agend Customers to provide greater protection over their accounts. This document sets out the options for Agend Customers who wish to take up two-factor authentication to enhance their security and protection.

What is Two-Factor Authentication (2FA)?

“Two-factor authentication” is an additional login security feature which is used by banks, government agencies, and military worldwide. It is one of the most secure forms of remote system authentication. It’s available from Wordfence for your Agend website. This method of signing in to your website relies on something you know and something in your possession. That is why it is referred to as two-factor: two factors are involved in authenticating you as an Administrator.

In this case you know your password and you are in possession of your cell phone or another authenticator device. If we can verify both of these, then we know that it’s okay to allow you to access your website and the Administration controls to access data and make system changes.

Your Wordfence 2FA tool now uses an authenticator app, such as Google Authenticator, to generate unique codes for you rather than relying on text messages.

Instructions and usage

Enable 2FA for your Agend site by requesting setup on your account through a support ticket.

Support will configure your 2FA site settings and allow any existing administrators a grace period to set up their access and select an authentication application.

The optional “Grace period to require 2FA” setting allows you to set a date when this option will become effective, allowing admins to log in without 2FA until that time. After saving with this option enabled, we can “Send notification” to send an email to other admins on the site, notifying them of the date and actions to take.

Actions for setup

  • Each administrator will be required to log in to the site, activate 2FA settings, store their recovery code in a secure place (safe), and choose an authentication device (mobile phone) and authentication application. The applications below are common and typically free to use from the app store:
    • Google Authenticator
    • Microsoft Authenticator
    • Authy 2-Factor Authentication
  • Administrators will need to access an authentication application when they log in to the site from this point on. Agend will ask for their username and password and the authentication code from their trusted device authenticator.

Example – Google Authenticator Code

  • Optionally, you can allow an administrator’s device to be remembered for 30 days. When this option is enabled, users can click a checkbox to remember their device for 30 days. This sets a cookie unique to their device that allows them to log in from that device and browser without using 2FA. This feature is for convenience, but it is less secure than requiring 2FA for each login if a device is lost or stolen.

Steps to logging in following setup

  1. Enter your username and password and click the “Log In” button.
    • e.g. https://mysite.com.au/wp-admin
  2. When the “2FA Code” prompt appears, enter the code from your authenticator app
    • If you use 2FA for multiple sites, be sure to pick the correct site
  3. Click the “Log In” button

If you have incompatible plugins or themes and can’t see the “2FA Code” prompt, or if you prefer a slightly quicker method, you can also enter a 2FA code directly after your password, in the same field:

  1. Enter your username and password, but do not click the “Log In” button yet
  2. Immediately after your password, enter the code from your authenticator app
    • If you used the old Wordfence 2FA, note that you no longer need to enter a space or letters
    • Example: For the password ‘mypass’ and code ‘233455’, enter ‘mypass233455’
  3. Click the “Log In” button to access your website.
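
The following is an added example, not code from Wordfence or Agend. It shows how the 6-digit code from an authenticator app such as Google Authenticator is derived (standard TOTP, RFC 6238) and how a server could check it, including the combined ‘mypass233455’ form described above. The function names, the one-step drift window, the replay check and the sample secret are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30  # seconds each code is valid for (the authenticator-app default)

def totp(secret_b32: str, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: the code the app displays at unix_time."""
    key = base64.b32decode(secret_b32.replace(" ", "").upper())
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret_b32, submitted, unix_time, window=1, last_counter=None):
    """Return the matched time-step counter, or None if the code is rejected.

    window: steps of clock drift tolerated either side (assumption).
    last_counter: counter of the last accepted code, so a code seen once
    cannot be replayed inside its validity window.
    """
    if not (len(submitted) == 6 and submitted.isascii() and submitted.isdigit()):
        return None
    now = unix_time // STEP
    for counter in range(now - window, now + window + 1):
        if last_counter is not None and counter <= last_counter:
            continue  # already consumed
        if hmac.compare_digest(totp(secret_b32, counter * STEP), submitted):
            return counter
    return None

def split_password_field(field: str):
    """Split 'password + code' typed into one field: (password, code or None)."""
    tail = field[-6:]
    if len(field) > 6 and tail.isascii() and tail.isdigit():
        return field[:-6], tail
    return field, None

# Constructed sample secret: the RFC 6238 test key "12345678901234567890" in Base32.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
```

A password that itself ends in six digits is ambiguous in the combined form, so a server using this split would also need to try the whole field as the password before treating the tail as a code.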

How to use recovery codes

The recovery codes that you saved or printed during setup can be used if you ever lose your authenticator device or if you remove the app or its saved codes by mistake. Make sure you store these codes in a safe place.

Because they don’t expire, recovery codes are longer than normal codes — 16 letters and numbers instead of only 6 numbers — but each code can only be used once. An example recovery code looks like this: 5199 5c24 77dc 0ed7

The login process is the same as using a code from an authenticator app:

  1. Enter your username and password and click the “Log In” button, as usual
  2. When the “2FA Code” prompt appears, enter a recovery code
    • Remember, recovery codes are longer than regular 2FA codes
    • In this example, we would enter: 5199 5c24 77dc 0ed7
  3. Click the “Log In” button

Each recovery code can only be used once. You can generate new recovery codes on the Login Security page of your site. This is useful if you have used most of your codes, or if you lose the codes you previously saved or printed. Generating new codes will invalidate the previous codes.
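
The single-use and regeneration rules above can be enforced on the server as in this added example, which is not Wordfence or Agend code. The class name, the set of five codes, the hexadecimal alphabet (inferred from the sample code 5199 5c24 77dc 0ed7) and the choice to store only SHA-256 digests are assumptions.

```python
import hashlib
import re
import secrets

def _digest(code: str) -> str:
    # Codes carry 64 random bits, so a plain SHA-256 keeps them out of storage.
    return hashlib.sha256(code.encode("ascii")).hexdigest()

def normalise(submitted: str):
    """Strip the display spaces; return 16 lowercase hex characters or None."""
    code = re.sub(r"\s+", "", submitted).lower()
    return code if re.fullmatch(r"[0-9a-f]{16}", code) else None

class RecoveryCodes:
    """Single-use recovery codes for one account (hypothetical storage design)."""

    def __init__(self, codes=()):
        # Callers must pass well-formed codes; only their digests are kept.
        self._unused = {_digest(normalise(c)) for c in codes}

    def regenerate(self, count: int = 5):
        """Issue a fresh set. Replacing the stored set invalidates every old code."""
        codes = [secrets.token_hex(8) for _ in range(count)]
        self._unused = {_digest(c) for c in codes}
        # Return the codes grouped in fours, the way they are shown to the user.
        return [" ".join(c[i:i + 4] for i in range(0, 16, 4)) for c in codes]

    def redeem(self, submitted: str) -> bool:
        """Accept a code at most once; malformed or unknown input is rejected."""
        code = normalise(submitted)
        if code is None or _digest(code) not in self._unused:
            return False
        self._unused.discard(_digest(code))  # burn the code on first use
        return True

    def remaining(self) -> int:
        return len(self._unused)
```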

Updated on 29/11/2024