
Two-factor Authentication

Overview

MyClient supports Two-factor Authentication to help secure staff and reseller logins to your MyClient installation.

Setting up Two-factor Authentication

To configure TOTP for your account:

  1. Install a TOTP app on your smartphone

    At the time of writing, we recommend the following smartphone apps:

    If you have hardware TOTP tokens, please contact us for assistance importing PSKs.

  2. Follow the links on the Account page to reach the two-factor authentication setup page
  3. Click "Generate a new secret", and then scan the QR code into your TOTP app
  4. Enter a current code from your TOTP app to enable two-factor authentication at login

That's all. From now on you will need your TOTP app every time you log in to MyClient. The app generates a new six-digit code every 60 seconds, and MyClient verifies the code you enter at login.

Troubleshooting

TOTP-based Two-factor Authentication requires your device or app to keep accurate time - within 30 seconds of the MyClient server's time. All MyClient servers run NTP, maintaining accurate time within a few milliseconds.
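
The time requirement above, worked through as an added example (not MyClient's own code): a standard RFC 6238 TOTP check using the 60-second, six-digit codes and the 30-second tolerance this page states. The HMAC-SHA1 algorithm, the way the tolerance is applied and the function names are assumptions; the secret is the published RFC 4226 test key, and the server time is constructed.

```python
import hashlib
import hmac
import struct

STEP = 60      # seconds per code, as stated on this page
DIGITS = 6     # code length, as stated on this page
SKEW = 30      # tolerated clock difference in seconds, as stated on this page


def totp(secret: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing unix_time."""
    counter = unix_time // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, code: str, server_time: int, skew: int = SKEW) -> bool:
    """Accept a code from any time step overlapping server_time +/- skew."""
    first = (server_time - skew) // STEP
    last = (server_time + skew) // STEP
    return any(
        hmac.compare_digest(totp(secret, c * STEP), code)
        for c in range(first, last + 1)
    )


def simulate(secret: bytes, server_time: int, device_offset: int) -> bool:
    """Would a device whose clock is off by device_offset seconds log in?"""
    return verify(secret, totp(secret, server_time + device_offset), server_time)


# Constructed sample: the published RFC 4226 test secret, never a real one.
SECRET = b"12345678901234567890"
SERVER_TIME = 130   # constructed server clock, in seconds since the epoch

if __name__ == "__main__":
    for offset in (0, 20, -25, 120, -90):
        print(f"device clock {offset:+4d}s -> accepted: "
              f"{simulate(SECRET, SERVER_TIME, offset)}")
```

In this sketch a device that is more than 30 seconds off can still pass when its clock happens to fall inside an accepted time step, so an occasional successful login does not prove the device clock is accurate.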

Because MyClient requires a current TOTP code before it enables two-factor authentication at login, you cannot be 'locked out' of your account before your device or app is properly configured.

Locked out

However, if your Two-factor Authentication device is missing, stolen, or unavailable, you may be unable to log in to your MyClient installation. In this case, you can regain access to your account by one of the following steps:

  • Contact your support operator
  • Have another MyClient administrator disable Two-factor Authentication for your account from the Manage System Users page.

    • This sends an immediate email to the affected operator and creates a permanent record on the System Notifications log page.
    • Common alternative methods to recover from a two-factor authentication lockout scenario include recovery codes, second email addresses, or SMS confirmation, all of which create additional attack surfaces.

      Because another MyClient system administrator can already change nearly anything within the system, anyone who already has access to an Administrator account gains nothing further from this step, so it causes no decrease in security.

See Also

For more information on MyClient's security features, please see Security Features.