BMO supports two either TOTP or Duo. Duo is only available for Mozilla employees, while TOTP is available to everyone.
You need the following:
- You need a TOTP authenticator app, such as Google Authenticator (iOS, Android) installed on a phone or tablet. There are authenticator programs available for desktop OSes, but doing this is not recommended. In this guide we'll say "device" instead of phone or device. Note the device does not need internet connectivity once the Authenticator app is installed.
- You should have a printer or a notepad to write down recovery codes.
Once you have the above ready, it is time to enable 2FA.
- Vist the Two-Factor Authentication page.
- Click the button labeled "Time-based One-Time Password (TOTP)"
- You will now see a barcode. Pick up your device and open the authenticator app. There will be a screen with a button at the bottom labeled "Scan a barcode" -- choose that button.
- Aim the device's camera at the screen. As soon as it recognizes the barcode the camera view will disappear and you will see a six-digit number.
- Back on the page, the barcode will still be displayed. There is a small text box below it, which is where you must enter that six digit code from the authenticator app. Enter that code quickly and click the "Submit Changes" button at the bottom of the page.
At this point you have 2FA enabled! Every time you log in, you will need to enter your password and also the six-digit code from the authenticator app.
Now, we must also establish Recovery Codes. Recovery Codes are longer codes that you may use if you lose your device. Each recovery code may only be used one time -- and they're really like an emergency failsafe. If you do not have recovery codes and you lose your device you might lose access to your account forever.
Recovery Codes can be created on the Two-Factor Authentication page at any time. If you've already created some but lose them, you can create them again (and the old ones will become useless).