Understanding authentication

Authentication is how people demonstrate that they have the right to access a computer system. Typically authentication is performed by a user entering a known username together with a secret password.

Generally speaking, usernames and passwords are no longer considered sufficiently secure. Many services have implemented what is called “Two Factor Authentication” (2FA) in order to increase the difficulty for an attacker to improperly access the systems. 2FA adds to the level of security by requiring a user to supply two kinds of proof that they are who they claim to be.

lightbulb

In general, there are three types proof that you are who you say you are:

• Something you know.
• Something you have.
• Something you (and only you) are.

MVOW has implemented 2FA by using:

• your password (something you know), paired with
• Google Authenticator running on your phone (something you have)

This makes your account much more secure, since an attacker would need to know more than your secret: they would also need your phone.

How does MVOW’s two factor authentication work?

On first login, you are asked to scan a QR code using Google Authenticator.

This QR code is then used to generate a secure six-digit code that changes every 30 seconds, and is accessible from your phone.

You will be asked to enter the current six-digit code from your phone every time you log in. This way, only someone with your username, password and phone can access your account.