Setting up Two Factor Authentication (TFA) for your website

What is Two Factor Authentication?

Two Factor Authentication (TFA), sometimes called Multi-factor Authentication (MFA), means entering an extra code when you log in, to verify that you're the one using your username and password for the website.

This means that if anyone gets your login credentials, they're useless without the extra randomly-generated code (which they won't have, because it'll only be on your phone).

Prerequisites

Before you can set up TFA for your website you need to do the following:
  1. Set up TFA for your GOV.UK email: see Setting up two-factor authentication (TFA) (MFA). We need you to do this first because it will give you the app you need for storing the codes for your website.

Setup

To set up TFA on your website:

On your computer/laptop:
  1. Go to the Admin Panel for your website. This is typically your full gov.uk domain name plus a "/admin" at the end.
  2. Enter your Username and Password as normal and click Login
  3. Hover over the Profile icon in the top-right
  4. Click Edit Profile
  5. Scroll down the page to the "Two-factor authentication settings" section
  6. Click Configure 2FA
On your phone:
  1. Unlock your phone and open the OneAuth app
  2. Use your fingerprint to verify if prompted
  3. Make sure the correct account is selected (this is only relevant if you clerk for multiple councils)
  4. Click the Authenticator button at the bottom.
  5. Click Add New
  6. Scan the QR code on your computer screen with your phone.
  7. Click Done
Back on your computer/laptop:
  1. Click the I'm Ready button
  2. Type one of the 6 digit codes cycling on your phone into the Verification Code box. Hint: if the numbers go red, they're about to expire; wait a few seconds for a new code (in green) so you have plenty of time to type the numbers in.
  3. Click Validate and Save
  4. Click Generate Backup Codes (these are important in case you ever lose your phone)
    1. You can either:
      1. Copy them to a Word/Notepad document and save them on your computer or on your Cloud Storage.
      2. Print them so you have a paper copy
      3. Send the codes by email (not recommended)
  5. Click I'm Ready, Close the Wizard
And that's done!

When you next log in, enter your username and password as normal, then go to your OneAuth app and enter one of the green codes you see in the Authenticator section.
