Difference between revisions of "2FA"

From Neos Wiki
(add translation tag)
(Marked this version for translation)
 
Line 1: Line 1:
 
<languages/>
 
<languages/>
 
<translate>
 
<translate>
 +
<!--T:1-->
 
[https://en.wikipedia.org/wiki/Multi-factor_authentication Two Factor Authentication(2FA)], is a feature within Neos designed to increase the security of your account. It uses an industry standard system called [https://en.wikipedia.org/wiki/Time-based_One-Time_Password TOTP (time-based one-time password)].
 
[https://en.wikipedia.org/wiki/Multi-factor_authentication Two Factor Authentication(2FA)], is a feature within Neos designed to increase the security of your account. It uses an industry standard system called [https://en.wikipedia.org/wiki/Time-based_One-Time_Password TOTP (time-based one-time password)].
  
= Actions that support 2FA =
+
= Actions that support 2FA = <!--T:2-->
  
== Required ==
+
== Required == <!--T:3-->
 
Neos has a few features that '''require''' 2FA to be setup on your account:
 
Neos has a few features that '''require''' 2FA to be setup on your account:
 
* NCR Operations
 
* NCR Operations
Line 13: Line 14:
 
** Sending
 
** Sending
  
 +
<!--T:4-->
 
If 2FA is not setup on your account, you '''will not be''' able to perform these actions.
 
If 2FA is not setup on your account, you '''will not be''' able to perform these actions.
  
== Optional ==
+
== Optional == <!--T:5-->
 
When 2FA is setup, you can optionally enable 2FA for certain actions.
 
When 2FA is setup, you can optionally enable 2FA for certain actions.
 
* Logging in - To set this up, send <code>/enableLogin2FA</code> to the Neos bot.
 
* Logging in - To set this up, send <code>/enableLogin2FA</code> to the Neos bot.
  
 +
<!--T:6-->
 
If 2FA is not setup on your account then you '''will still be''' able to perform these actions.
 
If 2FA is not setup on your account then you '''will still be''' able to perform these actions.
  
= Setting up 2FA =
+
= Setting up 2FA = <!--T:7-->
  
== 2FA Applications ==
+
== 2FA Applications == <!--T:8-->
 
To get started with 2FA the first thing you'll need is to setup a 2FA application. We recommend setting this up on your phone or at least a secondary device. This is because one of the principles of 2FA is using a "second device" for 2FA. This further increases the security gains of using 2FA as it becomes more difficult for an attacker to gain access to both your computer and your second device.
 
To get started with 2FA the first thing you'll need is to setup a 2FA application. We recommend setting this up on your phone or at least a secondary device. This is because one of the principles of 2FA is using a "second device" for 2FA. This further increases the security gains of using 2FA as it becomes more difficult for an attacker to gain access to both your computer and your second device.
  
 +
<!--T:9-->
 
Any application that supports TOTP(time-based one-time password) should work with Neos 2FA. To assist here's a list of some common applications that support TOTP/2FA, please always do your own research:
 
Any application that supports TOTP(time-based one-time password) should work with Neos 2FA. To assist here's a list of some common applications that support TOTP/2FA, please always do your own research:
  
 +
<!--T:10-->
 
* Mobile Applications
 
* Mobile Applications
 
** [https://authy.com/ Authy] - Supports Android, iOS and Desktop(This does require a mobile phone number for login)
 
** [https://authy.com/ Authy] - Supports Android, iOS and Desktop(This does require a mobile phone number for login)
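Review bot: unit T:5 in this hunk puts the literal bot command /enableLogin2FA inside translatable text, so a translator can alter or localize it and a reader of the translated page would then send a command the bot does not recognise. Wrap the command in a translation variable (tvar) so it is carried over verbatim.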
Line 36: Line 41:
 
** [https://github.com/Authenticator-Extension/Authenticator Authenticator Extension] - Supports Chrome, Firefox. Runs TOTP from your browser.
 
** [https://github.com/Authenticator-Extension/Authenticator Authenticator Extension] - Supports Chrome, Firefox. Runs TOTP from your browser.
  
 +
<!--T:11-->
 
Once you have one of these applications installed you're ready to proceed.
 
Once you have one of these applications installed you're ready to proceed.
  
== In Neos Setup ==
+
== In Neos Setup == <!--T:12-->
 
Start by making sure you're logged in to your Neos account as normal and that you've got your 2FA application nearby and ready.
 
Start by making sure you're logged in to your Neos account as normal and that you've got your 2FA application nearby and ready.
  
 +
<!--T:13-->
 
On the right hand side of the Home Screen of the dash you should see a "Setup 2FA" button:
 
On the right hand side of the Home Screen of the dash you should see a "Setup 2FA" button:
  
 +
<!--T:14-->
 
[[File:2fa-button.png|250px]]
 
[[File:2fa-button.png|250px]]
  
 +
<!--T:15-->
 
Clicking the Setup 2FA button will open the "Setup 2FA" dialog, it is comprised of a number of steps and the first step looks like this:
 
Clicking the Setup 2FA button will open the "Setup 2FA" dialog, it is comprised of a number of steps and the first step looks like this:
  
 +
<!--T:16-->
 
[[File:2fa-step1.png|250px]]
 
[[File:2fa-step1.png|250px]]
  
 +
<!--T:17-->
 
''Codes in this screenshot were voided after writing.''
 
''Codes in this screenshot were voided after writing.''
  
 +
<!--T:18-->
 
This step, contains your secret code in two forms:
 
This step, contains your secret code in two forms:
 
# A QR Code
 
# A QR Code
 
# A Text Based Code
 
# A Text Based Code
  
 +
<!--T:19-->
 
You need to take this code and enter it into your application of choice. We recommend the QR Code approach. Doing this is different depending on the application that you can use but usually involves pressing a "+" or "Add" button. You can view the help documentation for your application of choice if you're not sure.
 
You need to take this code and enter it into your application of choice. We recommend the QR Code approach. Doing this is different depending on the application that you can use but usually involves pressing a "+" or "Add" button. You can view the help documentation for your application of choice if you're not sure.
  
 +
<!--T:20-->
 
Once added, the application will start showing a 2FA 6-digit code. This code will change every 30 seconds.
 
Once added, the application will start showing a 2FA 6-digit code. This code will change every 30 seconds.
  
 +
<!--T:21-->
 
Once this is done click "Continue" on the in Neos dialog.
 
Once this is done click "Continue" on the in Neos dialog.
  
 +
<!--T:22-->
 
The next page will look like this:
 
The next page will look like this:
  
 +
<!--T:23-->
 
[[File:2fa-step2.png|250px]]
 
[[File:2fa-step2.png|250px]]
  
 +
<!--T:24-->
 
''Codes in this screenshot were voided after writing.''
 
''Codes in this screenshot were voided after writing.''
  
 +
<!--T:25-->
 
It contains your 10 backup codes. Backup codes are codes which can be used in case you have lost your 2FA device or application. You '''MUST''' keep these codes safe and secure somewhere. Use the "copy to clipboard" button to copy the codes to your clipboard. You can then save them to a Notepad document and then store this document safely. We recommend you store these backup codes away from/off of your primary computer. A flash drive or backup drive is a good choice.
 
It contains your 10 backup codes. Backup codes are codes which can be used in case you have lost your 2FA device or application. You '''MUST''' keep these codes safe and secure somewhere. Use the "copy to clipboard" button to copy the codes to your clipboard. You can then save them to a Notepad document and then store this document safely. We recommend you store these backup codes away from/off of your primary computer. A flash drive or backup drive is a good choice.
  
 +
<!--T:26-->
 
'''SAVE YOUR BACKUP CODES!!!!!: IF YOU LOSE YOUR 2FA DEVICE/APPLICATION AND YOUR BACKUP CODES. THEN YOU MAY PERMANANTLY BE LOCKED OUT OF YOUR ACCOUNT'''
 
'''SAVE YOUR BACKUP CODES!!!!!: IF YOU LOSE YOUR 2FA DEVICE/APPLICATION AND YOUR BACKUP CODES. THEN YOU MAY PERMANANTLY BE LOCKED OUT OF YOUR ACCOUNT'''
  
 +
<!--T:27-->
 
Once you have saved these codes, click "Continue" on the in Neos dialog.
 
Once you have saved these codes, click "Continue" on the in Neos dialog.
  
 +
<!--T:28-->
 
[[File:2fa-step3.png|250px]]
 
[[File:2fa-step3.png|250px]]
  
 +
<!--T:29-->
 
This next step is designed for you to prove to Neos that you've got everything setup correctly. You need to enter a 2FA 6-Digit code from your 2FA Application/Device. Once entered hit continue, it will validate the code you entered and if everything works out you'll see this next screen.
 
This next step is designed for you to prove to Neos that you've got everything setup correctly. You need to enter a 2FA 6-Digit code from your 2FA Application/Device. Once entered hit continue, it will validate the code you entered and if everything works out you'll see this next screen.
  
 +
<!--T:30-->
 
[[File:2fa-step4.png|250px]]
 
[[File:2fa-step4.png|250px]]
  
 +
<!--T:31-->
 
Once that's done you're ready to go. 2FA is setup. From now on when you carry out certain actions you'll be required to enter the code from your 2FA application/device. Remember this code changes every 30 seconds.  
 
Once that's done you're ready to go. 2FA is setup. From now on when you carry out certain actions you'll be required to enter the code from your 2FA application/device. Remember this code changes every 30 seconds.  
  
= Using a backup code =
+
= Using a backup code = <!--T:32-->
 
If you've lost your 2FA device or application and you have a backup code you can use this in place of any 2FA code. '''You can only use each code once''', we recommend deleting or crossing out used backup codes to avoid confusion.
 
If you've lost your 2FA device or application and you have a backup code you can use this in place of any 2FA code. '''You can only use each code once''', we recommend deleting or crossing out used backup codes to avoid confusion.
  
 +
<!--T:33-->
 
Do be careful, once all 10 are used, they're gone. If you only have backup codes, then we recommend deactivating 2FA using them and then re-activating it using a new application/device.
 
Do be careful, once all 10 are used, they're gone. If you only have backup codes, then we recommend deactivating 2FA using them and then re-activating it using a new application/device.
  
= Deactivating 2FA =
+
= Deactivating 2FA = <!--T:34-->
  
 +
<!--T:35-->
 
To deactivate 2FA, simply press the "Setup 2FA" button again and then enter a '''2FA code''' or a '''backup code'''.
 
To deactivate 2FA, simply press the "Setup 2FA" button again and then enter a '''2FA code''' or a '''backup code'''.
  
 +
<!--T:36-->
 
[[File:2fa-deactivate.png|250px]]
 
[[File:2fa-deactivate.png|250px]]
  
= FAQ =
+
= FAQ = <!--T:37-->
  
== Why should I use 2FA? ==
+
== Why should I use 2FA? == <!--T:38-->
 
2FA protects certain actions in Neos requiring you to enter an additional code from your smartphone or other device into Neos before an action is executed. In the event that a hacker or malicious party has gained access to your account's password or computer, it is unlikely that they also have access to your second device.  
 
2FA protects certain actions in Neos requiring you to enter an additional code from your smartphone or other device into Neos before an action is executed. In the event that a hacker or malicious party has gained access to your account's password or computer, it is unlikely that they also have access to your second device.  
  
 +
<!--T:39-->
 
As a result, it makes your account more secure by verifying your identity in multiple ways.
 
As a result, it makes your account more secure by verifying your identity in multiple ways.
  
== What about alternatives to TOTP? ==
+
== What about alternatives to TOTP? == <!--T:40-->
 
We're always investigating ways to make Neos more secure. If you want support for something like a Yubikey/FIDO Key, Email codes, Magic links, Web3 Authentication etc. then please check out [https://github.com/Frooxius/NeosPublic/issues GitHub]. There are issues for many items so please search before creating one.
 
We're always investigating ways to make Neos more secure. If you want support for something like a Yubikey/FIDO Key, Email codes, Magic links, Web3 Authentication etc. then please check out [https://github.com/Frooxius/NeosPublic/issues GitHub]. There are issues for many items so please search before creating one.
  
== How do emergencies/disaster recovery work? ==
+
== How do emergencies/disaster recovery work? == <!--T:41-->
 
In an emergency, you can use your Backup codes to deactivate 2FA. Make sure these are stored in a safe space so you can access them should you need them.  
 
In an emergency, you can use your Backup codes to deactivate 2FA. Make sure these are stored in a safe space so you can access them should you need them.  
  
== Do you have a visual guide for this? ==
+
== Do you have a visual guide for this? == <!--T:42-->
 
ProbablePrime has recorded a [https://www.youtube.com/watch?v=EJYpKeEH9y8 video tutorial] for you.
 
ProbablePrime has recorded a [https://www.youtube.com/watch?v=EJYpKeEH9y8 video tutorial] for you.
 
</translate>
 
</translate>
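Review bot: unit T:26 is marked for translation with the misspelling "PERMANANTLY" and a sentence break in the middle of the warning ("BACKUP CODES. THEN YOU MAY"), and T:18 has a stray comma in "This step, contains". Correct the source text in the same edit that marks the page, since changing a unit afterwards flags its existing translations as outdated.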

Latest revision as of 16:48, 17 December 2021


Two Factor Authentication (2FA) is a feature within Neos designed to increase the security of your account. It uses an industry-standard system called TOTP (time-based one-time password).

Actions that support 2FA

Required

Neos has a few features that require 2FA to be set up on your account:

  • NCR Operations
    • Withdrawing
    • Sending
  • KFC Operations
    • Sending

If 2FA is not set up on your account, you will not be able to perform these actions.

Optional

When 2FA is set up, you can optionally enable 2FA for certain actions.

  • Logging in - To set this up, send /enableLogin2FA to the Neos bot.

If 2FA is not set up on your account, you will still be able to perform these actions.

Setting up 2FA

2FA Applications

To get started with 2FA, the first thing you'll need to do is set up a 2FA application. We recommend setting this up on your phone or at least a secondary device, because one of the principles of 2FA is using a "second device". This further increases the security gains of using 2FA, as it becomes more difficult for an attacker to gain access to both your computer and your second device.

Any application that supports TOTP (time-based one-time password) should work with Neos 2FA. To assist, here's a list of some common applications that support TOTP/2FA; please always do your own research:

  • Mobile Applications
    • Authy - Supports Android, iOS and Desktop (this does require a mobile phone number for login)
    • Google Authenticator - Supports Android
  • Desktop Applications

Once you have one of these applications installed you're ready to proceed.

In Neos Setup

Start by making sure you're logged in to your Neos account as normal and that you've got your 2FA application nearby and ready.

On the right hand side of the Home Screen of the dash you should see a "Setup 2FA" button:

2fa-button.png

Clicking the Setup 2FA button will open the "Setup 2FA" dialog. It consists of a number of steps, and the first step looks like this:

2fa-step1.png

Codes in this screenshot were voided after writing.

This step contains your secret code in two forms:

  1. A QR Code
  2. A Text Based Code

You need to take this code and enter it into your application of choice. We recommend the QR Code approach. How you do this depends on the application you use, but it usually involves pressing a "+" or "Add" button. You can view the help documentation for your application of choice if you're not sure.

Once added, the application will start showing a 2FA 6-digit code. This code will change every 30 seconds.

Once this is done, click "Continue" on the in-Neos dialog.

The next page will look like this:

2fa-step2.png

Codes in this screenshot were voided after writing.

It contains your 10 backup codes. Backup codes are codes which can be used in case you have lost your 2FA device or application. You MUST keep these codes safe and secure somewhere. Use the "copy to clipboard" button to copy the codes to your clipboard. You can then save them to a Notepad document and then store this document safely. We recommend you store these backup codes away from/off of your primary computer. A flash drive or backup drive is a good choice.

SAVE YOUR BACKUP CODES!!!!!: IF YOU LOSE YOUR 2FA DEVICE/APPLICATION AND YOUR BACKUP CODES, THEN YOU MAY PERMANENTLY BE LOCKED OUT OF YOUR ACCOUNT

Once you have saved these codes, click "Continue" on the in-Neos dialog.

2fa-step3.png

This next step is designed for you to prove to Neos that you've got everything set up correctly. You need to enter a 6-digit 2FA code from your 2FA application/device. Once entered, hit Continue; Neos will validate the code you entered and, if everything works out, you'll see this next screen.

2fa-step4.png

Once that's done, you're ready to go. 2FA is set up. From now on, when you carry out certain actions you'll be required to enter the code from your 2FA application/device. Remember this code changes every 30 seconds.

Using a backup code

If you've lost your 2FA device or application and you have a backup code, you can use it in place of any 2FA code. You can only use each code once; we recommend deleting or crossing out used backup codes to avoid confusion.

Do be careful: once all 10 are used, they're gone. If you only have backup codes, then we recommend deactivating 2FA using them and then re-activating it using a new application/device.
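
How a 6-digit, 30-second code and single-use backup codes can be checked, as an added example that is not Neos code. It assumes the text-based secret is Base32 and that codes follow RFC 6238 with HMAC-SHA1 (the page states only TOTP, 6 digits and 30 seconds); `SecondFactor`, the one-step drift window, the sample secret and the backup codes are constructed for illustration.

```python
import base64, hashlib, hmac, struct, time

def totp(secret_b32, at=None, step=30, digits=6):
    """RFC 6238 code for time `at` (Unix seconds); what the authenticator app shows."""
    s = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(s + "=" * (-len(s) % 8))   # apps usually omit padding
    counter = int(time.time() if at is None else at) // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                           # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class SecondFactor:
    """Hypothetical checker (assumption): TOTP with drift window, one-time backup codes."""
    def __init__(self, secret_b32, backup_codes):
        self.secret = secret_b32
        self.backup = list(backup_codes)
        self.last_step = -1                           # highest time step already accepted

    def verify(self, code, at=None, step=30, window=1):
        current = int(time.time() if at is None else at) // step
        given = code.strip().encode()
        for s in range(max(0, current - window), current + window + 1):
            expected = totp(self.secret, s * step, step).encode()
            # s > last_step rejects a replay of a code that was already accepted
            if s > self.last_step and hmac.compare_digest(expected, given):
                self.last_step = s
                return "totp"
        for stored in self.backup:
            if hmac.compare_digest(stored.encode(), given):
                self.backup.remove(stored)            # a backup code works exactly once
                return "backup"
        return None

# Constructed sample data: the RFC 6238 test key and made-up backup codes.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
BACKUP = ["constructed-backup-%02d" % i for i in range(1, 11)]

if __name__ == "__main__":
    account = SecondFactor(SECRET, BACKUP)
    print(totp(SECRET, at=59))
    print(account.verify("287082", at=59), account.verify("287082", at=59))
    print(account.verify("constructed-backup-03", at=59), len(account.backup))
```

The replay check matters because a code stays valid for its whole 30-second step: without it, a code observed once could be submitted again inside the same window.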

Deactivating 2FA

To deactivate 2FA, simply press the "Setup 2FA" button again and then enter a 2FA code or a backup code.

2fa-deactivate.png

FAQ

Why should I use 2FA?

2FA protects certain actions in Neos by requiring you to enter an additional code from your smartphone or other device into Neos before an action is executed. In the event that a hacker or malicious party has gained access to your account's password or computer, it is unlikely that they also have access to your second device.

As a result, it makes your account more secure by verifying your identity in multiple ways.

What about alternatives to TOTP?

We're always investigating ways to make Neos more secure. If you want support for something like a Yubikey/FIDO Key, Email codes, Magic links, Web3 Authentication etc. then please check out GitHub. There are issues for many items so please search before creating one.

How do emergencies/disaster recovery work?

In an emergency, you can use your backup codes to deactivate 2FA. Make sure these are stored in a safe place so you can access them should you need them.

Do you have a visual guide for this?

ProbablePrime has recorded a video tutorial for you.