Two-factor authentication (2FA) is a security process that requires 2 authentication factors to access your account, "something you know" (your password) and "something you have" (in this case, your phone). This extra layer of security means that an attacker would not only need to steal or guess your password, but they'd also need to steal your mobile phone.
MHPOD uses Time-based One-Time Passwords (TOTP) as an optional second security factor you can add to your account. TOTP passwords are generated by an Authenticator app on your mobile phone and are only valid for a short period of time. They are based on the current time and a secret key that you share with MHPOD. Your Authenticator application will generate a new password every 30 seconds and only your phone and the MHPOD server know your secret key, so only your phone can generate tokens that can unlock your account.
To get started with 2FA you will need an Authenticator app for your phone. There are many to choose from, but here are 3 of the most popular.
After you have your preferred Authenticator app installed, head over to MHPOD
- Login to MHPOD and goto your Profile Page
- Toggle the Use Two-Factor Authenticator switch on
- Add the TOTP Secret to your Authenticator app
- Save your profile (don't forget to do this!!)
You can now logout and when you log back in you will be asked for your password and the current One-Time Password from your Authenticator app.
If you ever forget your password or you lose access to your Authenticator app, you can always use the "Forgot your password?" link on the MHPOD login page to receive a login link via email that you can use to reset your password and generate a new TOTP secret key.