Two-factor authentication (sometimes referred to as two-step verification or dual-factor authentication) is a security process in which you can provide two different authentication factors to verify your login to an app or a website platform.
Two-factor authentication provides a higher level of security than authentication methods that depend on single-factor authentication.
Memories uses a third party app Auth0 Guardian to process its two-factor authentication with the use of a QR code.
Important Note: When activating the two-factor authentication the first time, you need do this using Memories web platform and not the app (for the reason that the QR code would need to be scanned by the mobile device).
How to set-up two-factor authentication
Using the web platform, here are the steps involved in activating the two-factor authentication:
- Log into your Memories account on the website.
- Click the Profile section found on the top right section of the page.
- Select View Profile from the drop down menu.
- Toggle the slider to Turn On the Two-Factor Authentication.
- A pop-up screen will confirm that two-factor authentication will be required on the next log in.
In order for this feature to take effect, log out/sign out from the account and log back in again to finalize the two-factor authentication set-up.
After logging back in with the two-factor authentication activated (turned on), you will be prompted to install the Auth0 Guardian app. The Auth0 Guardian app is available both from Apple Store and Google Play.
After downloading the Auth0 Guardian app, click the Continue option as it appears on the mobile app screen. You will be required to scan the QR code on the webpage using the app.
After scanning the QR code, you will be asked to safekeep a group of recovery code which is needed in the event that you might need to log in without the device (smartphone). By clicking Continue, you will gain access to the Memories account.
The next time you login, Auth0 Guardian app will auto-detect your smartphone device and so the verification would be to just click Allow on your smartphone screen notification from Auth0 Guardian app.
What happens if the you have no access to the registered device?
If you have no access to the registered mobile device where the two-factor authentication would require you to access the Auth0 Guardian, the system will provide other methods to verify identity.
You will have to select the Try another method option and then select the Recovery code. On the next screen, you will be asked to enter the recovery code that was given to you during the first time the two-factor authentication was set-up. A new recovery code will be generated once the previous is used.
Things to remember:
- When setting up the two-factor authentication for the 1st time, you have to use the Memories web platform (www.memories.net) and ensure the mobile device is close at hand.
- The Auth0 Guardian app installed in your mobile device will scan the QR code displayed in the webpage (after activating the two-factor authentication).
- You have to safekeep the recovery code. This code is needed when you lose access to the registered mobile device.
- Once you've used a recovery code, it won't be used again, the system will generate a new recovery code for next use.