Two-factor authentication
What is two-factor authentication (2FA)?
Two-factor authentication can be used as an added layer of security on top of your username and password for your Salto KS account. When 2FA is enabled, your account has extra protection should your credentials or device ever be compromised.
A user's identity is verified through a combination of two separate components (or factors) to confirm the authenticity of the identity claimed. The first factor is the set of credentials used to log in to your account. The second factor can take the form of one of the following:
- Authenticator apps
- SMS code
- Email code
How can I enable two-factor authentication?
To enable two-factor authentication (2FA), sign in to your Salto KS account and navigate to the Profile page. Here, click on Manage Profile and Settings beneath Profile Information.
From there, scroll down to your Security & services section, where you can choose to either have your two-factor authentication Enabled or Disabled.
After you have enabled 2FA, you will be required to enter your password again for security purposes. From this step, you will need to select your authentication method.
Authenticator apps: Should you select the authenticator app as your method of choice, download the Google Authenticator App (available for iOS and Android) or another similar app of your choice.
Then, register your app by either entering the code from the given options into your authenticator app or scanning the QR code.
We then request you back up your authentication method with email authentication in the event you do not have your device on hand.
SMS: If you select SMS, we will request you to enter your mobile number in order to register SMS authentication. Then, click Send SMS, and a 6-digit code will be sent to your registered mobile number. In the next and final step, enter this code and click Register to enable this authentication method.
Email: If you select email, we will use the email address in your profile to register for this authentication method. A 6-digit code will be sent to this registered email address, after which you have to return to your Salto KS app and enter this code to confirm this mode of authentication.
As a final step, no matter your authentication method, you need to generate your Recovery Code to be used when you have lost your device or cannot access it. Keep this code safe, as you will not be shown this code again.
You will then be shown a confirmation message that you have successfully registered a two-factor authentication method. Well done!
Once you have 2FA enabled, the authentication method selected by you will be used as the second factor of authentication whenever you log in.
How do I sign in with two-factor authentication?
Once you sign in with your credentials to the Salto KS Web or Mobile app, you will be asked for a verification code, that is the second factor. Depending on the 2FA method you have enabled, you have to provide this code by using your authenticator app or checking messages for the verification code sent to you via SMS or email.
If SMS has been selected as your mode of authentication, the code is sent to the registered phone number. It is possible to Resend or Log in with a recovery code. When you choose Resend, a new code will be sent, and the old one will be invalidated. The recovery code may be used when a user doesn't have their device within reach or cannot receive a text message. This code is one of the Recovery Codes given to the user in the 2FA registration process, which should be kept securely.
Once both factors are entered, the user is verified and gains access to the Salto KS app.
What is a Recovery Code, and how do I use it to log in?
You can use the Recovery Code in the event you are unable to log in by using one of the authentication methods you configured.
After you have enabled your authentication method of choice, as a final step, we generate a Recovery Code for you to use when you have lost your device or cannot access it.
Keep this code safe, as you will not be shown this code again.
Once you use this code, your two-factor authentication settings will be reset. You will need to enable 2FA once again in your account in order to continue using it, and in the process, you will be given a new Recovery Code.
How can I remove an authentication method from two-factor authentication?
You can remove an authentication method by navigating to the overview of your two-factor authentication and clicking on the trash icon towards the right of the methods listed.
Please keep in mind that once you configure your 2FA, email cannot be removed as email authentication has to always remain as a backup for all authentication methods in your Salto KS account. However, in case you don't want to be prompted for Authentication Codes, you can disable 2FA without removing any of the configured authentication methods.
Can I have multiple methods of two-factor authentication?
Yes, it is possible to have more than one method of authentication for your Salto KS account. You can have all three methods enabled, and upon logging in, you can select which authentication method you would like to use to enter your account.