How do I setup Two-Factor Authentication (2FA) on my WebClient account?
So you’re interested in making your account even more secure! Excellent! At WebClients.co.uk we’re always pushing to ensure our clients are using the most secure methods and 2FA is just one of the many options. Firstly –
What is Two-Factor Authentication (2FA)?
Two-Factor Authentication (2FA) adds another layer of security to your WebClients account. It does this by adding a second step during the process of logging in to your account. In addition to something you know (ie, your existing password) it adds what is known as a ‘Possession’, or second factor, which is based on something you possess. In our case, we will be using an App on your mobile phone (iOS and Android).
The crucial purpose of 2FA is to prevent attackers accessing your account even if they have your password. As they would be required to also posess your phone or computer to login.
Why is Two-Factor Authentication necessary?
Passwords are often compromised when mobile devices or computers are stolen or infected with malware – or when insecure networks are used to retrieve passwords by email. They can often be guessed, they usually don’t change very often, and despite advice otherwise, many of us have favourite passwords that we use for more than one thing. So Two-factor authentication gives you additional security because your password alone no longer allows access to your account
What Type of 2FA does WebClient support?
Currently we support the open source OAuth service, simply because it is free to implement for our customers and is in widespread use. All that is required is an App that supports the creation of OTP (One Time Password) tokens. This basically means that the App produces a 6 digit number that changes every 30 seconds or so. This number is entered along with your usual client area login password.
While there are a lot of Apps that do this, we tested and like Google Authenticator – which has versions for iPhone & Android devices.
Step 1.
Login to WebClients.co.uk client’s portal and select the dropdown containing your Forename and Surname. A few options should appear in the dropdown, please select ‘Manage Account’.
Step 2.
The next step is to enable to Two-Factor Authentication. To do this you will need to select ‘Authentication’ found on top row of tabs at below the My Account title (see image below) and scroll to the bottom of the page to enable 2FA.
Step 3.
In order to use Two-Factor Authentication, you need a TOTP token. If you have an Android, iOS, or Windows mobile device, your phone can act as your token and provide the necessary One-Time Password.
- Download an Authenticator for your device:
- Open the App, and scan the QR code below. Each account will have a unique QR code, but will look something like this:
This is only an example! Please use the custom QR code generated in your account. - You will then need to type in you password again to confirm that you have scanned and enabled the 2FA.
Step 4.
You will now see your generated number in the Authenticator app. This will reset every 30 seconds, so you will need to be quick in typing your password.
Step 5.
The next step is to logout and then login back in to your WebClients.co.uk account. You will now see a new page that will appear during the login process. This is where you will need to type your generated password; (See example)
