Two-factor authentication (2FA) is a method of authentication that requires the user to submit two different secrets to complete a login attempt. The first secret is usually the user's password for the website, while the second is usually a one-time password generated on a device owned by the user. The second factor is usually something more personal to the user, so should an attacker find out the password, they would still be unable to log in. As such, two-factor authentication adds an extra layer of security to the login process.
Xplenty uses a time-based one-time password (TOTP) scheme for the second factor. Once you turn on 2FA, you will be asked for a 2FA code after submitting your password on our login page, every time you log in.
Enable 2FA on your Xplenty account
To enable 2FA on your Xplenty account, head over to the settings page, where you can find 2-Factor Auth under the "Your Settings" section. Enter your current password and click the Enable button to start your enrolment.
You will be asked to scan a QR code with your preferred code-generator application. In case your application doesn't support scanning a QR code but supports manual input of a 2FA secret, you may click on the blue "the secret key" text, which will reveal the secret text you need.
Upon scanning the QR or inputting the 2FA secret into your authenticator app, Xplenty should show up in your app along with a numeric code. Enter this code on the Xplenty 2FA settings page. This code is only valid for around 30 seconds from the time it was generated.
Click the Enable button to finish your 2FA enrolment. If the code was not accepted, try another one after the code re-generates in the application.
If the process is successful you will notice there is now a banner on your 2-Factor Auth page, informing you that 2FA is enabled!
To disable 2FA, simply input your current password and click the Disable button!
Changing your 2FA device
At some point you might want to change the device on which your 2FA codes are generated. In this case, you must first disable 2FA from the Settings page we saw above. Then, you should re-enable 2FA using your new device.
It is important to note that after you enrol a device into 2FA, you will not be able to see the same QR code or secret text you saw before. You will not be able to "transfer" your 2FA codes to a new device.
While 2FA is enabled, deleting your authenticator app or otherwise replacing your code-generating device will leave you unable to log into your Xplenty account, and you will need to contact Xplenty support.
Lost 2FA device
If you have lost or damaged your 2FA device or are otherwise unable to generate 2FA codes, don't panic! You might still be logged into the Xplenty dashboard. Simply visit the dashboard, where you can safely disable 2FA via the settings screen we saw above. All you will need is your current password!
Speaking of which, DO NOT reset your password if you have lost 2FA access. Resetting your password will immediately log you out of Xplenty and prevent you from disabling 2FA. If you do find yourself locked out of your Xplenty account due to 2FA, you must contact us at firstname.lastname@example.org to regain access.