Omniwallet adds Multifactor Authentication (MFA)+ how to adds
Starting on Oct 6th 2016 users can now setup/add a compatible MFA device to their enhance their login security.
This security enhancement is aimed to provide our users additional peace of mind and safety in the protection of their Omniwallet accounts.
How to add a compatible MFA Device to your account and secure your Login
· What is Multifactor Authentication (MFA)?
- Multifactor authentication combines two or more independent credentials: what the user knows (password), what the user has (security token). The goal of MFA is to enhance the security on your wallet and make it more difficult for an unauthorized person to compromise your account. If one factor is compromised or broken, there is still one more layer of protection stopping them
· What type of MFA tokens does Omniwallet use?
- Omniwallet has implemented Time-Based One-Time Tokens. When setting up this system the Omniwallet server will randomly generate a shared secret. You, the user, scan/import this shared secret into your compatible MFA device which allows it to generate unique random numeric tokens that change every 30 seconds. When you input this token into the setup field, Omniwallet servers calculate the same token based on the shared secret. If the tokens match you will be verified and allowed to add the MFA setup to your account (or if you were logging in you'll be authenticated and your login will proceed).
· What are compatible MFA devices?
- At the moment any MFA device that allows you to scan or input the shared secret displayed within Omniwallet should be supported. The two most common virtual/software applications are the 'Google Authenticator' or 'Authy' Mobile App but these are not the only ones. These devices/setups give you, the user, a physical device that must be present and in the possession of anyone trying to login to your account.
· How do I Setup my MFA device?
- Adding a compatible MFA device to your account is relatively straightforward. First start by logging into your account and then going to the 'My Account'->'Account Settings' option in the upper right of your wallet:
· Once on the 'Account Settings' page take a moment to ensure your email address is updated and accurate.
- In the event your MFA device gets lost/stolen/broken this is one of the methods we'll need to help ensure you are the account owner.
· After verifying/saving your info you can then start the MFA setup by clicking the appropriate link
- From here you'll be able to scan the QR code with your
MFA device (or manually input the shared secret).
- Take Note of your shared secret and back it up in a safe place. In the event your MFA Device is lost/stolen/broken this is your way of regaining access to your account. You can import this secret into your new device to regain access to your MFA generated tokens. WARNING Anyone with this secret can generate your MFA login tokens so guard this very carefully.
- After scanning the QR code (or inputting the secret)
can then set a Personal Security Question/Answer.
- This is very important. Because email addresses can sometimes be compromised this question/answer is the final fallback and can be used to verify you are the account owner in the event you need Omniwallet Support staff's assistance to disable/remove the MFA device from your account.
- After filling in all the fields the final step is to enter the current token (typically a 6 digit number) being generated/displayed on in your MFA device and click submit.
If everything goes well you're account is now setup and you'll need to use your MFA token when signing in from now on. If you are having issues with your token generation double check that the code you entered is accurate (We highly recommend using the QR scanner to ensure no typo's or mistakes). If you continue to have issues checkout this Knowledge base article for troubleshooting.