Securing Your Account with Two-Factor Authentication (2FA)
To improve security, you can set up your account to require a one-time passcode (OTP) in addition to your password when you sign in. The passcode is generated by a mobile app and changes every 30 seconds. Using two-factor authentication (2FA) is one of the best ways to protect your account.
Configuring Two-Factor Authentication
To use two-factor authentication with CellEngine, you need a mobile authenticator app such as:
- Log in to CellEngine and navigate to your profile.
- Click configure in the Two-Factor Authentication section.
- Follow the steps provided there.
You will be given a set of recovery codes during setup. Keep these safe and private! You may need them to access your account if you forget your password or lose access to your authenticator, and anyone who has access to these codes can access your account. We recommend printing them and storing them in a safe location.
If you use a password manager like 1Password or LastPass to store your passwords, using the same app as your authenticator reduces the benefit of 2FA because someone who gains access to your password manager will also have access to your one-time passwords. See this blog post for more info.
You can configure multiple authenticators when you set up 2FA by scanning the same QR code from each authenticator. Some authenticator apps such as Authy offer syncing across devices via the cloud. However, the US NIST discourages using multiple devices (see NIST 800-63b section 126.96.36.199).
CellEngine does not support using SMS for two-factor authentication because it is less secure than authenticator apps.
Setting up a New Two-Factor Authenticator
If you get a new phone or authenticator app and need to re-configure two-factor authentication manually, follow the steps above. This will remove your previously configured authenticator from your account.
If you need to add an additional authenticator/device to your account, you need to repeat the steps above and scan the same QR code with all devices. You cannot add another authenticator after you complete configuration.
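Why every device must scan the same QR code, and why anyone holding that secret can produce your passcodes, shown as an added example that is not CellEngine's code. It assumes the QR code carries a standard otpauth:// URI and that passcodes follow RFC 6238 TOTP with HMAC-SHA-1, which this page does not state; the sample URI and its secret (the RFC 6238 test key) are constructed.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, urlparse

# Constructed sample of what a setup QR code encodes (assumed otpauth:// format).
# The secret is the RFC 6238 test key "12345678901234567890" in base32.
SAMPLE_URI = (
    "otpauth://totp/Example:user@example.com"
    "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example"
)


def secret_from_uri(uri):
    """Extract the shared secret that every enrolled device stores."""
    query = parse_qs(urlparse(uri).query)
    b32 = query["secret"][0].upper()
    b32 += "=" * (-len(b32) % 8)  # base32 padding is commonly omitted in URIs
    return base64.b32decode(b32)


def totp(key, unix_time, period=30, digits=6):
    """RFC 6238 passcode: HMAC-SHA-1 over the 30-second step counter."""
    counter = int(unix_time) // period
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(key, submitted, unix_time, period=30, window=1):
    """Server-side check that tolerates +/- `window` steps of clock drift."""
    for step in range(-window, window + 1):
        expected = totp(key, unix_time + step * period, period)
        if hmac.compare_digest(expected, submitted):
            return True
    return False


if __name__ == "__main__":
    key = secret_from_uri(SAMPLE_URI)
    now = 1111111109  # fixed timestamp from the RFC 6238 test vectors
    phone, tablet = totp(key, now), totp(key, now)  # two devices, one secret
    print("phone:", phone, "tablet:", tablet, "match:", phone == tablet)
    print("accepted one step later:", verify(key, phone, now + 2))
```

The passcode depends only on the secret and the clock, so a device that never scanned the QR code has nothing to compute from, and a copy of the secret stored next to your password removes the independence of the second factor.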