What is Two-Factor Authentication (2FA)?
A growing trend in account security online has been the introduction of two-factor authentication, or “2FA”. This is where a user logs in using their username and password, but must also provide an authentication code or approve a login separately, usually sent to them via app, email, or SMS/text. If the user does not provide this second authentication, they will be unable to log in.
Two-factor authentication dramatically improves the account security. It means that in addition to the user possessing login details to an account, they also have something tied to that user outside of the login screen- access to their email, their phone, or a specific app. This way, even if a bad actor gets access to an account’s username and password, they cannot login without access to the two-factor authentication method.
Because of this improved security, we strongly recommend all Forge users enable two-factor authentication.
How to enable 2FA on The Forge
- Before enabling two-factor authentication on your Forge account, you will need to install a two-factor authentication app on your mobile device. Google Authenticator on Apple and Android is a common choice.
- Navigate to the Account Information tab on your Forge account page.
- Select the blue “Setup” button under two-factor authentication. Select the blue “Request 2FA” button.
- Scan the QR code provided for your account with a two-factor authentication app. Input this code for the authentication code field.
- You will also be required to provide a code sent to your email address. Navigate to your email inbox, find the email message sent by The Forge, and copy and paste the emailed code into the email code field.
- Input your password into the password field.
- Finally, you must save your recovery codes. You will be provided recovery codes to save and copy on your device, or to print out as a backup. Warning: If you lose access to your 2FA app/device and do not have your recovery codes, you will permanently lose access to your Forge account. Click the blue button confirming that you have saved your recover codes.
You have now enabled two-factor authentication on your Forge account, and must provide these codes each time you login to The Forge. You should also receive an email confirming two-factor authentication has been enabled on your Forge account.
Recovery Codes
Make sure to save your recovery codes in a safe place. Without these recovery codes or two-factor authentication method, you will be unable to access your account. We cannot restore access to your account if this occurs. Each recovery code can only be used once.
Generating new recovery codes
To generate new recover codes, select “Show Recovery Codes”. There, you will see an option to generate new recovery codes. Provide an authentication code from your authentication app, and select “Unbind”. This will mark all previous recovery codes as invalid, and generate new ones. As usual, make sure to save these recovery codes somewhere safe, as they are your only method of regaining access to your account without your 2FA method.
Removing 2FA on The Forge
Removing two-factor authentication on your account is very similar to the process for adding it:
- Navigate to the Account Information tab on your Forge account page.
- Select the blue “Configure” button under two-factor authentication.
- Select the red “Remove” button.
- You will be asked to provide an email code. Navigate to your email inbox, find the email message sent by The Forge, and copy and paste the emailed code into the email code field.
- Provide the authentication code within your authentication app.
- Select the red button, confirming your choice to remove two factor authentication.
You have now removed two-factor authentication from your Forge account, and will receive confirmation via email.