- What is two-factor authentication?
- Why has SIDN introduced two-factor authentication?
- When do we have to start using two-factor authentication?
- How is the log-in procedure changing?
- What second authentication methods are available?
- Which authentication apps does SIDN support?
- How do I log in the first time?
- What is the best authentication method for me to use?
- How does authentication by app work?
- What do I need to do to use an authentication app on my smartphone?
- What is the best authentication app to use on my smartphone?
- What do I need to do to use an authentication app on my PC or laptop?
- What is the best authentication app to use on my PC or laptop?
- How does SMS authentication work?
- What if I don't have a (business) mobile or we don't give our personnel (business) mobiles that can be used for authentication?
- What if I don't have (or the user doesn't have) a smartphone?
- What if my smartphone doesn't have a camera, or the camera doesn't work?
- What if I lose my mobile or if my mobile number changes?
- What if I forget my user name or password?
- What if I'm denied access?
- What if I enter the authentication code, but the DRS takes me back to the log-in screen?
- What if the DRS stops accepting the verification codes generated by the authentication app?
What is two-factor authentication?

Two-factor authentication is an extended log-in procedure. We are introducing it for the web interface of DRS5. Whereas accessing the web interface used to involve entering a user name and password, it now also involves a second authentication step. After you have entered your details on the familiar log-in screen, you meet a second authentication screen. On the 'Additional authentication' screen, you have to enter a verification code sent to you by SMS ('text message') or generated by an authentication app before you reach the web interface.
Why has SIDN introduced two-factor authentication?

Two-factor authentication increases the security of the web application. It stops an unauthorised person who has got hold of a user's password from gaining access to the application. The introduction of two-factor authentication follows on naturally from the recent switch from a single user account for each registrar to individual accounts for each person who uses the DRS. Both changes are part of a general strategy of making the web application more accessible and more secure.

When do we have to start using two-factor authentication?

Two-factor authentication comes into effect at the end of September 2015.
How is the log-in procedure changing?

After you have entered your details on the familiar log-in screen, you meet a second authentication screen. On the 'Additional authentication' screen, you have to enter a verification code sent to you by SMS ('text message') or generated by an authentication app before you reach the web interface. We recommend using an authentication app. That does, however, require the user to have an authentication app installed on a smartphone or computer, whereas SMS authentication is possible with any mobile phone.

What second authentication methods are available?

We recognise that the introduction of two-factor authentication will make logging in to the DRS less straightforward than it used to be. However, we believe that the change is needed to ensure the security of the web application, which is in your interest too. To minimise the inconvenience, the system offers a choice of second authentication method:

- If you have a smartphone, the easiest approach is to install an authentication app. Then, after your first log-in, the app will generate the verification codes.
- If you want to use a mobile phone that isn't a smartphone, you can click the 'SMS' button on the 'Additional authentication' screen to have a verification code sent to the mobile phone number linked to your user account, in the form of an SMS message ('text message').
- If you don't have a smartphone or a simple mobile available for logging in, you can also use an authentication app installed on a PC or laptop to generate verification codes. In principle, computer apps work in the same way as mobile apps.
Which authentication apps does SIDN support?

Our two-factor authentication system uses the open OATH standard (RFC 6238). You can therefore use any authentication app that supports the OATH standard. See 'What is the best authentication app to use on my smartphone?' for more information about available mobile apps. See 'What is the best authentication app to use on my PC or laptop?' for more information about available apps for PC/laptop.

How do I log in the first time?

The first time you log in under the new system, you have to use SMS for authentication. That is because an authentication app requires a private key, which can't be displayed until you have completed the log-in process. To register your authentication app, you need to tick the checkbox on the 'Additional authentication' screen before clicking the 'Log in' button. You will then be given a key, both in QR code form and in text form. Once you have entered the key into an authentication app, you can use the app to generate verification codes.
What is the best authentication method for me to use?

We believe that a smartphone app is the best option for most users. You only have to scan in the private key once, after which the app generates a six-digit verification code each time you log in, providing quick access to DRS5's web interface. Authentication by SMS, for which you are reliant on a mobile phone network, is therefore necessary only once. SMS authentication is always available as an option, however.
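Added example (not SIDN's code): what an RFC 6238 authentication app computes from the key to produce the six-digit, thirty-second codes this FAQ describes, with a matching server-side check, in Python. What the FAQ calls the private key is the secret shared between the app and the server; the Base32 key encoding, HMAC-SHA-1, the one-step drift window and the replay check are assumptions, and the sample key is the RFC 6238 test secret, not a DRS key.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds a code stays valid, as stated in this FAQ
DIGITS = 6   # length of the code the authentication app shows


def decode_key(key_text: str) -> bytes:
    """Decode the key text typed into the app (assumed to be Base32)."""
    cleaned = key_text.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore stripped padding
    return base64.b32decode(cleaned)


def totp(key: bytes, at: float, digits: int = DIGITS, step: int = STEP) -> str:
    """RFC 6238 code for the time step that contains `at` (HMAC-SHA-1)."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(key: bytes, submitted: str, at: float, window: int = 1,
           last_step: int = -1) -> int:
    """Server-side check: return the matched step number, or -1.

    `window` tolerates clock drift of that many steps either side;
    `last_step` is the step of the last accepted code, so a code that
    was already used cannot be replayed.
    """
    current = int(at) // STEP
    for step_no in range(current - window, current + window + 1):
        if step_no <= last_step:
            continue
        expected = totp(key, step_no * STEP)
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return step_no
    return -1


if __name__ == "__main__":
    # Constructed sample key: the RFC 6238 test secret, Base32-encoded.
    key = decode_key("GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ")
    now = time.time()
    code = totp(key, now)
    print(code, verify(key, code, now))
```

Because both sides derive the code from the same key and the current time, a device whose clock is off by more than the tolerated window produces codes the server rejects even though the key is correct.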
How does authentication by app work?

If you use an authentication app, the app generates a six-digit verification code, which remains valid for thirty seconds. You enter the code in the relevant field on the DRS authentication screen and then click the 'Log in' button. After that, the familiar web interface will open.

What do I need to do to use an authentication app on my smartphone?

Before you can use an authentication app on your smartphone, a private key has to be passed between SIDN's system and the app. To obtain a private key, you need to tick the checkbox on the 'Additional authentication' screen before clicking the 'Log in' button. Then, when you log in, you will be presented with a new key in the form of a QR code. Your mobile authentication app will be able to read the key straight from your computer screen if you simply hold your smartphone up to the screen. As shown in the screen grab below, the private key also appears in text form above the QR code. So you have the option of entering the key into the app manually.
NB: Regardless of how you normally intend to log in (using an authentication app or with SMS authentication), your very first log-in must be by SMS. You have to complete the log-in process once (and tick the 'Request key' option) in order to obtain the private key that you need to subsequently use an authentication app.

What is the best authentication app to use on my smartphone?

Any authentication app that supports the open OATH standard (RFC 6238) can be used to log in to DRS5's web interface. Suitable apps include the following:

- Google Authenticator: now closed-source
- FreeOTP: available for Android and iOS; based on the open-source code of Google Authenticator, supported by Red Hat

What do I need to do to use an authentication app on my PC or laptop?

Before you can use an authentication app on your PC or laptop, a private key has to be passed between SIDN's system and the app. To obtain a private key, you need to tick the checkbox on the 'Additional authentication' screen before clicking the 'Log in' button.
Then, when you log in, you will be presented with a new key in the form of a QR code with text above. The key text needs to be entered into your authentication app.

NB: Regardless of how you normally intend to log in (using an authentication app or with SMS authentication), your very first log-in must be by SMS. You have to complete the log-in process once (and tick the 'Request key' option) in order to obtain the private key that you need to subsequently use an authentication app.

What is the best authentication app to use on my PC or laptop?

Any authentication app that supports the open OATH standard (RFC 6238) can be used to log in to DRS5's web interface. Suitable apps include the following:

- GAuth: open source
- Authy: commercial
If you use a web app for authentication, we recommend that, for security reasons, you do not run it on the same machine that you use to access DRS5's web interface.

How does SMS authentication work?

With SMS authentication, you can log in using a mobile phone that isn't a smartphone. To use this authentication method, click the 'SMS' button on the 'Additional authentication' screen. An eight-digit verification code will then be sent by SMS ('text message') to the mobile number linked to your user account. Confirmation that the code has been sent will appear on screen. Enter the code in the relevant field on the DRS authentication screen and then click the 'Log in' button. After that, the familiar web interface will open. The verification code sent by SMS remains valid for one minute.

What if I don't have a (business) mobile or we don't give our personnel (business) mobiles that can be used for authentication?

You must use SMS ('text message') authentication the first time you log in under the new system. When you do so, you can tick the checkbox, so that after that you can use an authentication app instead of SMS. You will be given a key, both in QR code form and in text form. Once you have entered the key into an authentication app installed on a PC or laptop, you can use the app to generate verification codes.
What if I don't have (or the user doesn't have) a smartphone?

We believe that a smartphone app is the best option for most users. However, authentication apps are also available for PCs and laptops. You are only obliged to use SMS authentication the first time you log in under the new system. However, SMS ('text message') authentication is always available as an option that you can use if you prefer. Another option is to use an authentication app installed on a PC or laptop.

What if my smartphone doesn't have a camera, or the camera doesn't work?

The private key that you need to enter into your authentication app is made available both in the form of a QR code and in the form of text that you can simply type into your app. The text is shown above the QR code.
What if I lose my mobile or if my mobile number changes?

If you are not your organisation's admin user, you'll need his or her help. If you are the admin user, you'll need to contact our support department. If you call support for help, you'll be asked to provide your SIDN identification code (SID).

What if I forget my user name or password?

If you are not your organisation's admin user, you'll need his or her help. If you are the admin user, you'll need to contact our support department. If you call support for help, you'll be asked to provide your SIDN identification code (SID). Once your password has been reset, you'll need a new private key to continue using an authentication app. To get one, you'll need to log in using SMS authentication and request a new private key.

What if I'm denied access?

You will be denied access if the status of your organisation's registrar account is 'Inactive', or if your personal user account has been deactivated by SIDN or deleted by your admin user. If that happens, contact your organisation's admin user.

What if I enter the authentication code, but the DRS takes me back to the log-in screen?

The session times for the log-in screen and the authentication screen are short. So you need to complete the whole procedure without a significant pause. Otherwise, your session will time out and you'll be taken back to the start.

What if the DRS stops accepting the verification codes generated by the authentication app?

If you are not your organisation's admin user, you'll need his or her help. It might be that your admin user has reset your password. If you are the admin user and SIDN has reset your password, you'll need a new private key to continue using an authentication app. To get one, you'll need to log in using SMS authentication and request a new private key.