Two-factor authentication¶
AyaNova supports Two-Factor authentication ("TFA") as an additional security measure for any User account. The first "factor" in TFA is the user name and password as normal, the second "factor" is a 6 digit one-time passcode that changes every 30 seconds and is unique for every AyaNova User.
Passcodes are generated in a 3rd party TFA App running on a device that you "link" to your AyaNova account. Typically this means a TFA app running on an Android or Apple iOS device.
Enabling TFA means that even if a login name and password were to be accidentally exposed a malicious user would still not be able to login unless they had that User's device with their TFA authentication app available.
If AyaNova can be accessed outside a private network, we strongly recommend all users enable TFA, in particular the SuperUser account and any User accounts with Business Administration roles.
Authorization Roles required¶
This form is available to all users regardless of role.
How to access Two factor authentication¶
TFA settings are accessed from the User settings two factor authentication menu item.
Enabling TFA¶
Two-Factor Authentication is enabled from the "Two Factor Authentication" menu option in the form Home -> User Settings
menu.
Due to the nature of TFA it is not possible for an Administrator to set this up on behalf of a User, it must be done logged in as the User account with their device containing their TFA authentication App at hand.
Disabling TFA¶
Two-Factor Authentication is disabled by the user from the "Two Factor Authentication" menu option in the form Home -> User Settings
menu.
A User with rights to edit other User accounts can disable TFA for any User from the Adminstration -> User
edit form's menu.
TFA Apps¶
There are many Two-Factor Authentication apps freely available for all device types and AyaNova uses an open standard so any legitimate TFA app should work with AyaNova.
Here are some TFA applications that have been tested with AyaNova specfically:
- DUO
- Google Authenticator for iOS
- Google Authenticator for Android
- Microsoft Authenticator (iOS / Android)
- Authy
These apps are all legitimate and widely used, however there are known cases of other malicious TFA applications so be careful and do some research if using one not on the list above.