BMO/UserGuide/Two-Factor Authentication

From MozillaWiki
< BMO‎ | UserGuide
Revision as of 19:25, 8 September 2017 by Dylanwh (talk | contribs) (switched up some images)

Jump to: navigation, search

BMO supports two either TOTP or Duo. Duo is only available for Mozilla employees, while TOTP is available to everyone.

Configure 2FA: TOTP (Google Authenticator)

The following instruction will guide you through configuing 2FA using TOTP. This guide assumes that you're using Google Authenticator (iOS, Android) installed on a phone or tablet. There are authenticator programs available for desktop OSes, but doing this is not recommended. It is also not recommended to use 1Password for TOTP (one-time passwords) if you also store your bugzilla password there because that defeats the purpose of two-factor authentication.

Visit the Two-Factor Authentication page.

Click the button labeled "Time-based One-Time Password (TOTP)"

You will now see a barcode.

Pick up your device and open the authenticator app. There will be a screen with a button at the bottom labeled "Begin Setup"

This is what you will see on your device. The screenshot is from an iPhone, but Android is similar.

After "Begin Setup", the screen will give you two options: "Scan a barcode" or "Manual Entry". Choose "Scan a barcode"

Now the device's camera is going to activate. Aim the camera at the barcode shown in the Bugzilla window is inside the square.

It will recognize the barcode pretty quickly -- providing the screenshot below was quite difficult.

The authenticator app on your device should now be displaying a six digit code

On the page showing the barcode, you must enter your current password and the six digit code displayed on your device.

The password field is above the barcode, and field for the six digit code is below.

Now enter that six digit code into the text box under the barcode.

After the password and code are entered, you must click "Submit Changes"

If nothing went wrong, it is now time to create recovery codes. If something went wrong, consult the FAQ at the end of this guide.

It is time to create [#Recovery Codes]

Configure 2FA: Duo

The following instruction will guide you through configuing 2FA using Duo. Duo is only available to Mozilla employees at this time.

For this guide, it is assumed you are already using Duo for your LDAP account, and that you have either Duo for iOS or Duo for Android installed.

In addition to the app, you will need to know what your Duo username is -- this is your LDAP email which not be the same (and does not have to be) as your Bugzilla email ("bugmail").

Recovery Codes

Recovery Codes are special codes that can be used instead of the codes generated by Google Authenticator on your device -- but they are longer (10 digits) and each code may only be used once.

Recovery codes are important if you lose your device, they're an emergency failsafe. If you do not have recovery codes and you lose your device you might lose access to your account forever.