Use of a smartphone app is probably the most often used and easiest way to "prove you are you". At the same time, there are a number of situations when it can prevent you from being able to log through the Identity Hub and access the application you are trying to use.
- You are prompted for a 2SV code but don't remember enabling it
- The codes from the smartphone app don’t work.
This assumes that you have installed the smartphone app and set up your identity account so that, in the smartphone app, you are seeing a 6-digit code but that the number doesn’t work when trying logging into any of our systems.
We have discovered that the phones are sometimes not set up to get the date and time automatically from the network/cellular service provider. This results in the code the smartphone app displays being out of sync (different) than what the web page requires.
We find that the problem with the codes is solved when this phone feature is set correctly..
- For IOS phone, go to Settings > General > Date & time
- For Android, go to Settings > System > Date & time
Ensure “Automatic date & time” is on.
If you are using Google Authenticator, open the app, select the 3 dot menu in the top right, then Settings, then Time correction for codes, and then “Sync Now”.
Now, try entering the 6-digit code on the web page again. Hopefully it will work.
- You receive and email about 2SV being disabled but don't recall doing this.
Up to three 2-Step Verification means can be set up for an identity account (smartphone app, security key, printable codes). If you later remove all of these means, perhaps one at a time, a warning/notification is displayed, 2-Step Verification is disabled, and eventually the email (which you copied in this ticket) is sent you.
We have no way of determining when this happened, whether it was you or not. Hence the email alert sent to you. Either way, you have the choice to leave 2-Step Verification disabled (no action required) but, since we do recommend turning on 2-Step Verification, you can use the steps provided in the email to turn it back on, by enabling at least one of the three means.
Of course, we will always recommend using more than one method and that you should always include setting up printable codes .
- You have two smartphones (one used when home and the other overseas). You would like to use both smartphones with my 2-Step Verification.
Option #1: There is a trick that would, in fact, give you the result you are looking for (2 smartphones set up to authenticate with). For 2-Step Verification in this new Identity Provider system, we are talking about using either the Google Authenticator app or the Authy app which generate a code. This IdP system does not use SMS to sent a code to a smartphone for 2-Step Verification as some other applications do, such as Google currently.
The trick is to install the app on both phones. Then log into your profile and enable the smartphone app. (If you've already enabled it, disable it and then re-enable it.) This will display a QR code on the screen. Use that display to first scan on the first phone (setting up the account in the app) and then grab the other phone and repeat the process. Since the QR code is the same for both phones, both will now be able to provide the code you will need later for verification.
Option #2: Use Authy as your smartphone app and configure a master password. You can then install Authy on multiple devices and and it will sync all your accounts across all the devices.
- 2-Step Verification was set up on an original phone, but is being replaced by a new phone.
We hope that you had an alternate means, such as printable backup codes, to be able to log into your profile. If so, you can scroll down you profile and choose the Replace Phone option under Smartphone App. This will walk you through a few screens and let you set up the smartphone app on your new phone.
If you don't have a second way of "proving you are you", read about the "rescue me" feature on the 2SV topics page under "Nothing works. What can I do?"
- How I disable 2 Step Verification for my identity account?
First, we would like to understand the reasons you wish to disable 2SV since the general feedback from those that are using it is that it is convenient to use and adds confidence about the security of their account.
Second, 2SV is required for some departments and users, and disabling it may not be an option.
Regardless, here are the steps to disable 2SV.
- Log into your profile
- If you have enabled use of a smartphone app, select Disable
- If you have enabled use of a security key, select Disable
- If you have generated a set of printable codes, select the "delete" link.
When you choose to remove the final 2SV method, you will be warned that 2SV will be disabled and ask you to confirm this step.
Disabling all three options results in turning off 2-Step Verification. Did we say this is not recommended?