Multifactor Authentication (MFA) adds an extra layer of security to your GrapheneDB account. We allow two authentication methods; SMS and TOTP (Google Authenticator or Authy for example). We recommend you to set up both authentication methods to fully secure your account. If you’ve chosen to register with a Google account, you’ll need to visit your Google Account to change your MFA settings.
Users that are Members or Owners of at least one Organization with an active Subscription and Billing details added, can setup MFA methods. Furthermore, if you leave the only Organization you’re associated with or if the Organization is deleted, the MFA setup will remain in its original configuration. To access these settings, navigate to Account settings from the drop-down menu > Security tab.
SMS
By enabling the SMS option, you will get a code to the phone number that you’ve provided. To set it up, please click on Set up button next to the SMS option.
You’ll be prompted to the modal window to confirm your account password before proceeding. Next, please select the Country, enter a phone number and click on Set up button.
A verification code will be sent to your phone number, please enter it in the respective field and click on Confirm button.
The status of this option will change to Enabled.
TOTP
A time-based one-time password (TOTP) is a temporary passcode generated by an algorithm that uses the current time of day as one of its authentication factors. You can use applications such as Google Authenticator or Authy. To set it up, please click on Set up button next to the TOTP option.
You’ll be prompted to the modal window to confirm your account password before proceeding. Then, you’ll see the next screen where you can use your chosen application to scan a QR code, or find the account and key information which you can enter in the authentication application.
Once that is done, you’ll obtain a verification code that you need to enter in the respective field, then click on Confirm button to complete this setup.
The status of this option will change to Enabled.
Why it’s more secure to have both authentication methods enabled?
If you have only one authentication method enabled, it does require you to protect your one 2FA method more carefully - not just from potential attacks, but also from yourself (loosing your phone for example). If you misplace it, there is no other way to log in. Imagine switching phones or resetting them, stolen or damaged phones, or unfortunate software/OS updates that destroy the authenticator app. Therefore, enabling both authentication methods helps you maintain your recovery procedures and codes safe, and securing you to avoid lockout.
What happens if I enable both methods?
If you choose to enable both methods, upon each login, you’ll be prompted to choose from one of the two options to verify your identity. You simply need to select SMS or TOTP, and proceed with usual verification.
Disabling SMS or TOTP
To disable any of these options, simply click on trashcan icon next to it, and the setting will change to Disabled status.
