Two-factor authentication (2FA) provides an added layer of security for your WriteUpp account. This is a site-wide setting so before you enable it, it's important to understand:

What it is
How it works
The implications of enabling 2FA

Please don't activate 2FA on your account until you have read this document in its entirety

As the name suggests, 2FA uses two mechanisms (instead of one) to verify your identity when you login to WriteUpp. In our case these two mechanisms are:

Username/password - like normal
A verification code generated by an authenticator app, usually on your mobile phone

All this means is that the login process has one extra step after you have entered your username and password. This step involves entering a Time-based, One-time Password (TOTP) which is a six digit code generated by an authenticator app on a device, most likely your mobile phone.

On most devices, we would recommend using Google Authenticator, which we will use to walk you through the setup.

Other authenticator apps are available, which will generally follow the below steps as well.

If you are using macOS Monterey (or later) or iOS 15 (or later), you can use the built in verification code generator within your iCloud keychain password manager if you are working on Safari.

Using a time-based, one-time password means the code changes every 30 seconds

The thinking behind this is that if your username/password is compromised, anyone trying to maliciously access your account would also require your mobile phone to generate your unique six digit code to gain access to your account.

Please don't activate 2FA yet. Be sure to check out the implications at the end of this document before proceeding

Enabling 2FA (Site Admin Only)

If you wish for all users on your site to use 2FA when logging in, a site administrator will first need to enable it, which is a one time process. By enabling it, the site administrator who completes the process will also set up their own 2FA for logging in.

Using Google Authenticator

To use the Google Authenticator app, you'll need to install it either on your mobile phone via either the Apple App store or the Google Play store

Log in to WriteUpp as normal

Go to Main Menu -> Settings -> Users and click on Configure Two-Factor Authentication

At this point we perform a check to see if you have any text credits, which are required if you wish to enable 2FA. If you don't have any SMS credits you will be prompted to purchase them. We use SMS to verify a user's identity and as an alternate way of sending the six digit code if the user is unable to use the Authenticator app.

If you already have SMS credits you will be taken to the 2FA set up page

Open the Google Authenticator app, tap on the + icon on screen and choose Scan a QR code

Using your phone, scan the QR code shown on your WriteUpp screen. This will create an entry in the Authenticator app for your WriteUpp account, and generate a six digit code

Enter the code displayed in the Google Authenticator app into the field shown on your WriteUpp screen

You will be asked to verify your mobile phone number to complete the process. This allows us to send your 2FA code via SMS if you are unable to access Google Authenticator as a backup option.

Enter your mobile number and click on Send SMS

You'll receive a 4 digit code by SMS which should be entered in screen, then click Verify

Once you have entered the correct code and it has been verified, 2FA will be active on your site and from this point forwards all users will need to use 2FA to login.

The next time you log out and back in to WriteUpp, you will need to use the entry in Google Authenticator that you generated by following these steps.

Using iCloud Keychain

First of all, make sure that you are using Safari and that your login details are already saved to your iCloud keychain. After logging into WriteUpp, follow the below steps:

Go to Main Menu -> Settings -> Users and click on Configure Two-Factor Authentication

At this point we perform a check to see if you have any text credits, which are required if you wish to enable 2FA. If you don't have any SMS credits you will be prompted to purchase them. We use SMS to verify a user's identity and as an alternate way of sending the six digit code if the user is unable to use the Authenticator app.

If you already have SMS credits you will be taken to the 2FA set up page

When the screen opens:

On macOS, right click on the QR code and choose Set up Verification Code:



On iOS, tap and hold the QR code and choose Add Verification Code in Passwords:



If you right click on the QR code and you don't see the option to set up a verification code, your version of macOS or iOS doesn't support QR codes and you should use Google Authenticator (or another authenticator app).

Use your Apple verification (FaceID/TouchID/Password etc) to access the list of passwords saved in your keychain

Find your WriteUpp account details when prompted to "Choose an account to add this verification code to"

You'll be taken to the account details as saved in your keychain and see an additional "Verification code" field has been added

Navigate back to Safari and click or tap into the field which says "Enter the 6 digit code here"

Safari should offer you a verification code at the bottom of the window, which will come directly from the information saved in your keychain

If it doesn't, you can navigate to the Passwords on your device, find your WriteUpp details and manually copy the verification code. Bear in mind that it is time sensitive and changes every 30 seconds!

Use your Apple verification (FaceID/TouchID/Password etc) to confirm the use of the code and click or tap on Activate

Enter or confirm your mobile number on the next screen and click or tap on Send SMS

SMS verification is used as a back up method of authentication, which is why you'll be asked to confirm it as part of the setup process

Enter the code received via SMS and click or tap on Verify

You should be taken back to the 2FA screen and see a message confirming that set up was successful and 2FA is active

The next time you log in, Safari should match your login details to the verification code you set up by following the above steps and offer it as an autofill option. If it doesn't, you can go to Settings -> Passwords and manually copy the code from the entry containing your WriteUpp details.

First time set up of 2FA for users

This is mandatory if you activate 2FA. Your users will not be able to login to WriteUpp until they have completed the setup process

Once you have enabled 2FA, all of your users will be taken to the following screen when they next login. They should follow the on-screen instructions:



The 2FA set up process for a user logging in for the first time one it has been enabled is covered in detail here:

How do I set up two-factor authentication (2FA) as a user?

You might want to provide this to your users when you enable 2FA so that they know what to expect.

Logging In Once 2FA Has Been Turned On

Once 2FA has been activated (by Site Admin) and set up by your users, it is very straightforward to use on a day to day basis.

Enter your your username and password in WriteUpp as normal

Use the configured authentication method (Google authenticator or iCloud keychain) to retrieve your verification code

Enter the six digit code and click on "Verify"

That's it!

If your users don’t want to enter a 2FA code every time they login to WriteUpp, they can mark their computer or device as "trusted" and they will only need to re-authenticate (via 2FA) every 14 days or sooner if they clear their browser cache.

Your users should only check "Trust this device" on computers that they/you own or have exclusive control of

To find out more about Trusting devices take a look at the article below:

What does "Trust this device" mean?

Implications of enabling 2FA

The peace of mind offered by 2FA is irrefutable but before you go ahead and activate 2FA on your account, please read the implications below very carefully.

With 2FA enabled:

Your users will always need their mobile device with them to login to WriteUpp unless they checked "Trust this device" when they previously authenticated. If so, they will not need to enter a new code for 14 days or sooner if they clear their browser cache.

Your users will be unable to login to WriteUpp if they lose their mobile phone and have not checked "Trust this device" when they previously authenticated.

You must be confident that your users will be capable of performing the one time set up of 2FA that will be required after you have activated 2FA. If using an external authenticator app, please also keep in mind that they must do this on a desktop/laptop device.

You must be confident that your users will be comfortable logging in to WriteUpp with the additional step that is required by 2FA.

Your users will need their own mobile phone which is capable of installing the authentication app, described later in this article.

You will need to purchase text credits so that we can verify the identity of your users (via their mobile phone) and send their 2FA code via SMS in the event that they are unable to access the authenticator app.

Your users will not be able to use the WriteUpp mobile app unless they are running the latest version of the app.

in WriteUpp, 2FA is "all or nothing". By this we mean that it is a site-wide security setting and if you do activate it you will be doing so for all users. There is no option to apply it on a user by user basis.

Turning on 2FA may result in an increase of instances where your users have issues logging in to WriteUpp. This isn't a consequence of any technological deficiencies in 2FA or WriteUpp. It typically happens because users fail to follow the correct process when logging in with 2FA. To minimise these issues you should ensure that all your users have read the following articles:

How do I set up two-factor authentication (2FA) as a user?

How do I login once I have set up 2FA? 

You may experience adverse feedback from your users who feel that the requirement to a) have their mobile with them whenever they login to WriteUpp b) enter a unique code as well as their username/password is unnecessarily difficult.

Because of the nature of 2FA, we cannot provide assistance with 2FA login issues. The technology that we are using to implement 2FA in WriteUpp is used industry-wide and in 99.999% of cases will not be the cause of any login problems that you or your users might experience. In nearly all situations, the problem will be user error and these will need to be handled internally by your own admin team. To be clear, any 2FA issues will be redirected to the Site Admin by our Help Desk.
Was this article helpful?
Cancel
Thank you!