Security
Two-factor authentication (2FA)
Overview
What is 2FA (Two-factor authentication) ?
Two-factor authentication (2FA) is a security system that requires two separate, distinct forms of identification in order to access something.
The first factor is a password and the second commonly includes a code sent to your phone number, email etc.
Gimmonix HSP has enhanced its security measures by integrating 2-Factor Authentication (2FA) for all Back-Office logins.
This robust security feature is now an additional layer of security for every user attempting to access the Back-Office platform. It significantly bolsters defense against unauthorized access and potential security breaches, safeguarding sensitive data and operations.
This document is designed to guide users through the setup process of 2FA, explain its operational workflow, and provide essential insights into its functionality.
The two-factor authentication (2FA) is required solely for Back-Office logins and does not impact API users.
Prerequisites
- Email :
The 2FA "Account Verification Code" will be sent to the user's registered email. It's imperative to ensure that every user associated with your Affiliate node possesses a valid and operational email address to receive this code. Here are the steps to verify and update email details :- Navigate to the wanted user under your Affiliate Node.
- Click on "User Details".
- Confirm or update the user's "Email":
This email address will be the primary recipient for 2FA verification code, playing a crucial role in the account security process.
Login screen - How to
Upon entering your username and password in the Back-Office login screen, a specific cell will appear for you to enter the verification code.
Once you have submitted your login credentials, please check your registered email for the verification code.
("Verification Code sent to Email" - will indicate that the credentials are correct and a dedicated email has been sent).
Copy this code and then paste it into the designated field on the login page:
Verification Code
The verification code remains valid for a duration of 5 minutes starting from the moment you click "Login" and the code is dispatched to your email.
If this 5-minute period elapse, you will need to initiate the login procedure again to receive a new verification code. This ensures that the access remains secure and time-bound for enhanced protection.
Remember me
If you select the "Remember me" option before logging in, your login status will be preserved for 7 days, eliminating the need to re-enter your credentials or input the verification code during this period.
This feature provides convenient and uninterrupted access while maintaining user session security.
Re-send Email
If the 5-minute validity period of the verification code expire / no code is received in your email - you have the option to click on "Re-send Email" to have a new verification code sent to you.
User locked out
If the user's email is invalid or non-functional, preventing the verification code from being delivered :
- Reach out to your Back-Office Administrator to update the email or reset the password.
- Click the "Support" icon located at the bottom-right of the screen, or click here to submit a support ticket.
Updated 9 months ago