FAQ Two Factor Authentication (2FA)

Please register or login

Welcome to ScubaBoard, the world's largest scuba diving community. Registration is not required to read the forums, but we encourage you to join. Joining has its benefits and enables you to participate in the discussions.

Benefits of registering include

  • Ability to post and comment on topics and discussions.
  • A Free photo gallery to share your dive photos with the world.
  • You can make this box go away

Joining is quick and easy. Log in or Register now!

Two Factor Authentication (2FA)​


What is Two Factor Authentication?​

Two Factor Authentication is an option for ScubaBoard members to login with much higher security. It will make it extremely difficult for a hacker to hijack your account without also hacking your phone or email.

Some form of 2FA is increasingly mandatory for online financial services and is an option on many Web sites including Amazon.

Email or App?​

Once you make the decision to use 2FA on ScubaBoard, you need to decide between receiving your auth code by email or with an app on your smart-phone or tablet. Examples of getting your auth code by email can be found below, but you are probably not as familiar with using 2FA apps.

The first thing to note that a cellular or WiFi signal is not required to use a 2FA app, except for the initial installation. Scanning the QR code creates an account in the app and generates new numbers every minute.

GoogleAuth2FA.png

This is an example image from the Google Play site. The app regenerates the auth codes every minute.

Notice the 30-second timer icon at the right. It ticks off every second so you can see the time available before the numbers change. The blue icon turns red about 4 seconds before it resets in some apps.

You use the app to scan the QR code on the ScubaBoard screen once, which adds the account to the list. You can rename the account title if needed.



Which App and where do I get it?​

The Apple App Store for iPhones and iPads or Google Play for Android phones. Just search 2FA and screens of free apps are available for download. The two apps that are specifically mentioned in ScubaBoard's 2FA configuration screens are Authy and Google Authenticator, but I have tried one or two others and they work fine.

You may find some useful comments in this thread :

1633906092830.png


Step1: Open the Password and Security page for your account.


















Step 2: Click the Change button to enable 2FA

1633906486432.png

Step 3: Confirm your password

1633906376838.png

:rtarrow: Note: Skip to Step 4, by Email below if that is your preference.

Step 4, by App:
Click the Enable button for Verification code via app

1634427147782.png


Step 5, by App: Scan the QR code with the 2FA app on your smart phone or tablet.

1634427250436.png


:rtarrow: The steps for setting up 2FA by email begin here.

Step 4, by Email:
Click the Enable button for Email Confirmation.

1633906637264.png

Step 5, by Email: received email. You should receive an email that looks something like this:

1633906838508.png

Step 6: Copy the confirmation code from the email to the box below.

1633906920444.png


Continued in the next post

 

Continued from previous post



Step 7: Copy backup codes. It is important to copy these codes and save them in a file. There may be times when you can't use your phone app or receive email and these one-time used codes will get you in.

For security, you may not want to label them some like "2FA emergency backup codes for ScubaBoard". They are just a bunch of numbers to someone else until you give them context.

1634427048733.png

Step 8, finished: Note that you can disable or change to a different 2FA method (smart-phone app or email) and generate new backup codes on this page.

1634426954369.png

Step 9, Login: Login to ScubaBoard. Take special note of the "Trust this device for 30 days" checkbox. That is convenient on devices that you use exclusive access to and regularly use to access ScubaBoard.

Enter the auth code number received by email, or the app, an click save.
1634426807513.png

Authorization Codes & Cookies*​

Re-entering the auth code will be requited:
  • When 30 days pass, if that option was checked in the above screen.
  • When another device is authorized to access ScubaBoard using your account.
  • When ScubaBoard's cookies are not save or deleted. Some people set their browser to delete cookies when exiting for added security.
  • When you change 2FA authorization methods or disable and re-enable it.
* Cookies are small files stored on your device that often includes unique identifiers that web servers send to browsers.


End of Multipart post

 

Back
Top Bottom