Improve the security of your account by setting up two-step verification. Without 2-step verification, your account protected by a username and password. Although data security is our top priority and we do everything that is reasonably possible to keep your account and data safe, there are many reasons beyond our control that may compromise your account and security of your research data and thereby that of the lab you are working in (e.g. key loggers on public computers or reuse of password for other applications that have been exposed etc.). We therefore recommend the use of 2-step verification, also known as 2-factor authentication, to improve security of your account with an additional code required to login. See how two-step verification works in action:
Activate two-step verification in the 2-step verification tab of the Account Settings.
Enable two-step verification for your account to introduce a second layer of security to protect your account. With two-step verification active, an additional 6-digit code is required for login. This unique code is generated on your smartphone and changes every minute. First you need to authenticate your device to be able to generate verification codes by clicking Enable
In the popup menu you can now activate 2-step verification by entering a two-factor code. You can get this code by following the instructions below. Please note that after enabling 2-step verification, you always need your mobile device to generate a new 2-factor code to login to eLABInventory. If you do not have that code, you may not be able to directly access your account and data anymore.
To generate 2-step verification codes, you currently have four options:
- The eLABJournal or eLABInventory Mobile App – Download and install the App of iOS or Android
- Google Authenticator Mobile App – If you already use Google Authenticator for other applications (for Windows Phone use Microsoft Authenticator)
- WinAuth Desktop App – if you do not have a smartphone you can download and install WinAuth
- Protectimus SLIM mini – physical card that can be programmed using NFC to generate 2FA tokens. Read more about Protectimus SLIM mini
Install at least one of the mentioned applications and scan the barcode displayed when enabling two-step verification. After scanning or entering the secret code, the application will be generating a time-based unique 6-digit code (the two-factor code) that changes every minute. This is the code you need to activate the 2-step verification and to login after activation two-step verification.
- Enter the 6-digit code
- Click Verify and Save
Two-step verification is now enabled. Please make sure to never remove the app from your authenticated device before disabling 2-step verification first. We also recommend you to download the back-up 2-factor codes, which are 2-factor codes that can only be used once in case you lose your 2-factor code generation device. In the unfortunate case that your account is blocked when 2-step verification is enabled, the option to disable two-step verification is also available in the Organisation Admin Panel. Alternatively, contact our support desk to disable 2-step verification for your account.
When two-step-verification is active, you need to enter the two-step verification code every time your login. There is an option to trust the computer for 30 days. That means that you only have to enter the two-step verification code once every 30 days. The remember option is linked to a specific IP address and computer, to ensure that remains protected with 2-factor authentication when logging in elsewhere from a different device.
As a group administrator you can enforce two-step verification for all members in the lab by changing the Group Policy. Navigate to My Groups and click Edit. In the Group Policy tab, you can enable the option to make 2-step verification mandatory for all lab members.
When enabling this option, all users in the lab will be forced to enable 2-step verification for their account during their next login. Only after successful set-up the user is allowed to access its account.