How to Set Up Two-Factor Authentication Using TOTP
Two-factor authentication refers to the security practice of requiring two different types of verification to prove your identity. When you activate two-factor authentication on your Gandi account, you will provide both your regular password and an additional code generated either by a TOTP authenticator app, usually on your mobile device (TOTP), or by a USB device you plug into your computer (security key).
This page focuses on TOTP. You can read more about security keys here.
You can activate both security keys and TOTP at the same time to have the option of using either method. When you log in you will be asked for your security key first. If you don’t have your security key available you will then be asked to provide a TOTP code. You will only need to provide one of the authentication methods to enter your account.
You can also see if members of your team have activated two-factor authentication by looking at your sharing settings.
How TOTP Works
TOTP stands for “time-based one-time password algorithm.” To use TOTP you will link the TOTP authenticator app on your phone or computer to your Gandi account. After the accounts are linked, you enter a code from this app every time you log in to your Gandi account. The codes are generated from the key we provided when you linked your authenticator app with Gandi and the precise time at which you are logging in. Each code is valid for 30 seconds, after which a new code is automatically generated.
Setting up TOTP requires a TOTP authenticator app or device. At the bottom of this page you can find a list of free authenticator apps and programs you can use.
When you set up TOTP on your Gandi account we will provide you with a set of recovery codes. These codes can be used if you somehow lose access to your app (for example, if you lose or replace your phone). It is important to save your recovery codes in a safe place such as in a password manager app. You can use these codes to log in to your Gandi account and either disable TOTP or connect your account to a new TOTP authenticator app.
Activate TOTP
To activate TOTP on your account, use the following steps.
Note
As part of the setup process you will be given a set of recovery codes. These codes can be used instead of the code from your TOTP authenticator app in case you lose access to the device. We highly recommend you store them in a secure way where you can access them if you lose access to your regular device.
- Download a TOTP app to your phone or your computer.
- Log in to your Gandi account online.
- In the top right corner of the page click the arrow next to your username.
- Click “User Settings.”
- Click “Password & access restrictions.”
- Click “Enable TOTP.”
- Carefully read the instructions, then click “Start when you are ready.”
- Save your recovery codes. You can do this by printing the page, downloading the codes, or copying them to paste somewhere else.
- Click “Continue.”
- Link your TOTP app to your Gandi account by scanning the barcode or by typing in the code in the black box.
- Click “Continue.”
- Verify that your account is properly linked by typing in the current code in your TOTP authentication app as well as your account password.
- Click “Continue.”
Tip
The “T” in “TOTP” stands for time-based. Because the time is part of the calculation that occurs, it is important that the time on your account and the time on your device be in sync. A difference in time or time zone can cause an error.
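The calculation described under “How TOTP Works” and in the tip above, as an added example that is not Gandi's code. It uses the values listed on this page (6 digits, 30-second step, Base 32 seed); HMAC-SHA1 (the RFC 6238 default), the one-step acceptance window, the sample seed and the function names are assumptions.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # time step in seconds, as listed on this page
DIGITS = 6   # code length, as listed on this page

# Constructed sample seed: Base32 of the RFC 6238 test key "12345678901234567890".
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, unix_time, step=STEP, digits=DIGITS):
    """Return the TOTP code for a Base32 seed at the given Unix time."""
    # Seeds are often shown in lowercase groups without padding; normalise first.
    seed = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(seed + "=" * (-len(seed) % 8))
    counter = int(unix_time) // step              # number of 30 s steps since epoch
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, code, server_time, window=1):
    """Return the step offset at which `code` matches, or None if it does not.

    window=1 accepts the previous, current and next step (assumed policy).
    """
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, server_time + drift * STEP)
        if hmac.compare_digest(expected, code):
            return drift
    return None


if __name__ == "__main__":
    server_now = 1111111109                       # constructed server clock
    print("server expects:", totp(SECRET, server_now))
    # Device clock 2 s ahead lands in the next step: accepted only via the window.
    near = totp(SECRET, server_now + 2)
    print("2 s ahead:", near, "->", verify(SECRET, near, server_now))
    # Device clock 5 min ahead: outside the window, so the code is rejected.
    far = totp(SECRET, server_now + 300)
    print("5 min ahead:", far, "->", verify(SECRET, far, server_now))
```

A clock that is only a couple of seconds off can still cross a 30-second boundary, which is why verifiers commonly tolerate one adjacent step and why larger clock errors produce a failed login.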
Disable TOTP
To disable TOTP on your account, follow these steps:
- Log in to your Gandi account online.
- In the top right corner of the page click the arrow next to your username.
- Click “User Settings.”
- Click “Change password & configure access restrictions.”
- Click “Disable TOTP.”
- Type in your account password and confirm.
Blocked Account
If you have lost access to your authentication app (for example, you lost your mobile device) you can use one of your recovery codes to log in to your account. Just enter a recovery code in place of the TOTP code when you log in.
If you have also lost access to the recovery codes we provided during the TOTP setup process, please contact our support team. You will then need to send them a copy of this form to regain access to your account.
Recovery codes are a relatively recent feature. If you set up TOTP before we provided recovery codes you can also contact our support team and send them a copy of this form to regain access to your account.
Free TOTP Authenticator Apps:
Android
- Google Authenticator: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2
- FreeOTP: https://freeotp.github.io/
Apple (iMac, iPhone, iPad, iPod)
- Google Authenticator: https://itunes.apple.com/fr/app/google-authenticator/id388497605?mt=8
- OTP Auth: https://itunes.apple.com/us/app/otp-auth/id659877384?mt=8
- HDE OTP Generator: https://www.hde.co.jp/otp/en/
- FreeOTP (iOS): https://freeotp.github.io/
Linux
- oathtool: command-line tool
When configuring your authenticator app, you will need to know these values:
- Code length: 6 digits
- Time step: 30 seconds
- Seed format: Base 32 encoding (Arbitrary)
Windows Phone
- Microsoft Authenticator: https://www.windowsphone.com/en-us/store/app/authenticator/e7994dbc-2336-4950-91ba-ca22d653759b