To further strengthen the security of your site, LexBlog includes two-factor authentication, which requires the use of a second factor (in addition to your standard username and password) to log in to your site. This added step ensures that if your username and password were ever stolen, access to your platform would remain protected. The second factor we're using is a time-based one-time password generated using your choice of several free smartphone apps.
Available On: All Plans
Note: two-factor authentication is available on a user by user setup. Those on our Enterprise Plan can reach out to the LexBlog Success Team through email or a phone call for assistance in making two-factor authentication a requirement across all sites on their Enterprise install.
You will need
- Your blog username and password.
- Your smartphone.
- A two-factor authentication app installed on your phone platform:
Steps
Log in to any of your sites, click on Two Factor Auth in the left menu. Just like your username and password, two-factor authentication will work on any of your sites once you set it up on one.
Scroll down to the Your current one-time password, QR code/private key and emergency codes section to scan your QR code with your two-factor authentication smartphone app. Alternatively you can enter your short alphanumeric private key into your two-factor authentication smartphone app.
For details on how to operate your two-factor authentication app, please visit the official support pages of the app for your device operating system. Here are the support pages of popular two-factor authentication apps:
Once you've scanned your QR code or entered your private key into your two-factor authentication app on your smartphone, you will see a six digit number that refreshes every 30 seconds. On the Your Two-Factor Authentication page click the Refresh for current code link, and confirm that the six digit number on the page matches the current number in your two-factor authentication app.
Under Emergency codes on the Your Two-Factor Authentication page, copy the three six digit codes and store them in a safe place. Each of these codes may be used once to log in to your account if you don't have your two-factor authentication device. When you use your last emergency code, you will need to follow these steps again to set up two-factor authentication with a new QR code/private key.
Under Activate two-factor authentication on the Your Two-Factor Authentication page, click Enabled to complete the activation.
Now when you log in to a site, after entering your username and password, you will be directed to a page where will you have to enter the six digit code in your two-factor authentication app to complete your login process.
Frequently Asked Questions
How do I stay logged in on a trusted device?
To remain logged in for two weeks on a trusted device, be sure to check the "Remember Me" box below the password field on the login page.
What if I don't have my two-factor authentication device or my emergency codes?
You should the LexBlog Success Team through email or phone call. They will be able to temporarily disable two-factor authentication for your account. Once disabled you can then login with your email or username and password to then set back up your two factor authentication.
How do I require users to set up two-factor authentication?
By default, two-factor authentication is available to all users to set up for their account but is not required. To require it for certain user roles for those on our Enterprise service plan, please reach out to the LexBlog Success Team over email or a phone call for assistance.
We recommend requiring two-factor of Administrator and Editor roles at least. You can set a grace period for new users to set up their two-factor authentication (default is 10 days). Note: Requiring two-factor will lock out any users of those roles who haven't set up two-factor authentication yet. We recommend communicating a deadline for two-factor activation with your users and then enforcing the requirement after the deadline.