Two Factor Authentication

When you log in to any website account online, you probably use a simple 'username and password' combination to do so. Adding an additional step - called 'Two-Factor Authentication' (2FA or TFA) - to your login process is a simple way of adding an extra layer of security to your accounts.

Should I bother adding TFA? 

Yes! The problem with relying on a username and password style of login is that you can’t always keep your password safe. Your password could be guessed or perhaps stolen:
  • through a scam, like phishing;
  • from a business you have an account with, if they have a data breach;
  • by another method (such as someone spying on you);

By adding another level of login security with 2FA, it makes it much harder for an attacker to access your online accounts — they need to know more than just your username and password.

You can usually set up TFA fairly easily.  Often, you will use TFA in one or more of the following methods:

  • [Most Popular] an App on your phone: install any TFA app from your app store. You can then use it to set up 2FA for any website that supports it;
  • [Sometimes] Some websites allow TFA by having a code sent to your email.  
  • [Rarely] Some people prefer a hardware based token TFA / fancy USB key or other hardware (more specialised);

Most people use an app on their phone because it can be used for a wide number of TFA enabled websites (such as Purple Dog).  If you don't know what a TFA app is, there's more detailed information further down this page.  You can read about how TFA works and the various App options available at the time of writing. 

Meanwhile, if you already have a TFA app on your phone, you can get started with adding a TFA to your Purple Dog account.  

 


How to set up 2FA on your  Purple Dog Account

Before you get started, you will need

  • Your Mobile Phone;
  • A Two Factor Authenticator App installed (see your device's App store or options mentioned further down this page);
  • If you don't know which authenticator app to install, you can try Google Authenticator or LastPass Authenticator (download from your app store).

To set up Two Factor Authentication on your Purple Dog account, click here.

1. From the Client Area, navigate to Security Settings;

2. Click on the button Click here to Enable;

Click here to Enable

3. Select Time Based Tokens;

4. Click Get Started;

Select the Two Factor Auth Service

5. Scan the QR code with an authenticator app such as Google Authenticator, Last Pass Authenticator, Duo Mobile or any other Two Factor Code Generator you prefer to use (see your device's app store for options);

6. Enter in the 6-digit code that the authenticator app generates;

Scan the QR Code with your app and enter the authentication code

7. Click Submit;

8.  Record the Backup Code in a safe place.  You will need this to login if you lose your TFA device;

9. Click Close.

Take a note of the Backup Code

Two-Factor Authentication is now set up, and will be required when you login in future.

If you have any issues logging-in in the future, please open a support ticket.

 


How 2FA works

When you log into an online account with a username and password, you’re using what’s called single factor authentication. You only need one thing — your password — to verify that you are who you say you are. With 2FA, you need to provide two things — your password and something else (we use a code) — before you can access an account.

You can authenticate (prove you are you) based on a security token that you can get from any 2FA app that generates a temporary access code.  For example;

  • software on your smartphone such as an app like Google Authenticator or any other 2FA app that:
    • sends a notification to your smartphone, or
    • provides you with a temporary access code.

 


Which App do I need?

There are a many to choose from, whether you are an Android, Windows or IOS user.  As the various apps change more frequently than the clock, it's best to check out the Playstore or App store for your device.  However, here are some basic recommendations;

1. LastPass Authenticator

Supported platforms: ALL

LastPass has a very useful password manager app.  It also has a very decent 2FA authenticator app.  If you’re not already using LastPass, now’s a good time to download the password manager, start using stronger passwords, and improve your cybersecurity.  Before you can enable LastPass Authenticator with your LastPass account, you need to download LastPass Authenticator from your phone’s app store.   

Then, you need to open your LastPass vault, launch your account settings, and enable LastPass Authenticator in your security settings 

You’ll then pair the LastPass Authenticator app on your phone with your LastPass account. More info is available here.

+ Very easy to use. Also has an option to save all of your passcode TFA sites to the cloud in case you lose your device.

+ Easy to transfer to a new phone (backup to cloud)

- Lastpass has had some reputation damage due to a hacking scandal in 2022. You can google it if you'd like to know more.

 

2. Google Authenticator

Supported platforms: Android, iOS

As noted by all tech media, Google Authenticator is the easiest to use of all the many 2FA apps out there. It doesn’t even have any settings. All it lets you do is add a new token (the name given to the code generator for an individual account) or delete an existing one. To copy a code all you have to do is tap it. That’s it!

However, such simplicity has a drawback: If you don’t like something about the interface or you want more features, you’ll have to install another authenticator app.

+ Very easy to use. Very Popular

- Can't easily transfer codes to new phone (if you ever upgrade or lose your phone - you'll need to re-add each site which is a big deal)
 

3. Duo Mobile

Supported platforms: Android, iOS

Duo Mobile is also extremely user-friendly, minimalist, and free of additional settings. It has one advantage over Google Authenticator: Duo Mobile keeps codes hidden by default — to see them, the user must tap the specific token. If you, like me, do not enjoy having a bunch of codes for all your accounts on public display every time you open the authenticator, then this feature of Duo Mobile is for you.

+ Hides codes by default.
 

4. Microsoft Authenticator

Supported platforms: Android, iOS

Microsoft also chose the no-frills approach with its minimalist authenticator. That said, Microsoft Authenticator is noticeably more feature-rich than Google Authenticator. For a start, although all codes are shown by default, each token can be separately configured to be hidden.

Second, Microsoft Authenticator simplifies signing into Microsoft accounts. After entering your password, all you need do is tap the button in the app to confirm login — and that’s it, no need even to enter a one-time code.

+ Can be configured to hide codes.
+ Extra features for signing into Microsoft accounts.
  

5. Authy

Supported platforms: Android, iOS, Windows, macOS, Chrome

Authy is the fanciest of the 2FA apps, with the main advantage being that all tokens are stored in the cloud. This makes it possible to access tokens from any of your devices. At the same time, it simplifies the migration to new devices. There is no need to reactivate 2FA in each service, so you can continue using existing tokens.

Tokens in the cloud are encrypted with a key based on a user-defined password, meaning that data is stored securely and not at all easy to steal. You can also set a login PIN for the app or protect it with a fingerprint if your smartphone is equipped with the right scanner.

The main disadvantage of Authy is that it requires you to set up an account linked to a mobile phone number — otherwise it won’t work at all.

+ Tokens are stored in the cloud, allowing them to be used on all of your devices.
+ Migration to other devices is very easy for that same reason.
+ App login protected by PIN or fingerprint.
+ Only the code for the last used token is shown on screen.
+ Unlike other apps, it supports not only Android and iOS, but also Windows, macOS, and Chrome.

− Does not work without an Authy account linked to a phone number.
 

6. Yandex.Key

Supported platforms: Android, iOS

In my opinion, the concept behind Yandex.Key makes it the best app for 2FA. For one thing, it does not require immediate registration — you can start using it just as easily as Google Authenticator. For another, it has several additional features available to those who are not settings-shy.

First, Yandex.Key can be locked with a PIN or fingerprint. Second, it allows you to create a password-protected backup copy of tokens in the Yandex cloud (this stage does require a phone number) and restore it on any device you use. Similarly, it is possible to transfer tokens to a new device when you need to migrate.

Yandex.Key manages to combine the simplicity of Google Authenticator with the extended functionality of Authy, depending on what you prefer. The app’s only drawback is that the interface is not that easy to use with a large number of tokens.

+ Minimalism at the start, extended functionality available through the settings.
+ Backup copies of tokens can be created in the cloud for use on multiple devices and migration to new ones.
+ Login to the app is protected by PIN or fingerprint.
+ Only the code for the last used token is shown on screen.
+ Replaces your permanent Yandex account password.

− With many tokens, not so easy to find the one needed.

 


 

 

  • two factor, 2fa, security, authentication, 2FA
  • 590 Users Found This Useful
Was this answer helpful?

Related Articles

Is this site secure?

Yes, our website client area is protected by encryption through an SSL (Secure Socket Layer)...

How can I pay?

We automatically send invoices for all upcoming payments and you can also see due payments from...

Change of account ownership

The following information relates to the transfer of ownership from one client to another and is...

Account or Service Closure / Cancellation / Termination

On this page, you can find out about closing / cancelling a specific service, or how to close /...

How do I see what services I have?

To check what services you have, please log in to your Purple Dog client account You'll need the...