Two-factor authentication (2FA) provides an added layer of security for your WriteUpp account. This is a site-wide setting so before you enable it its important to understand:

What it is?
How it works?
What are the implications of enabling 2FA?


As the name suggests 2FA uses two mechanisms (instead of one) to verify your identity when you login to WriteUpp. In our case these two mechanisms are:

Username/password - like normal
Your mobile phone

All this means in reality is that the login process has one extra step after you have entered your username and password. This step involves entering a Time-based, One-time Password (TOTP) which is a six digit code generated by the Google Authenticator app on your mobile phone.

In case you're wondering, time-based means the code changes every 30 seconds 

The thinking behind this is that if your username/password is compromised, anyone trying to maliciously access your account would also require your mobile phone to generate your unique six digit code to gain access to your account.


Enabling 2FA (Site Admin Only)

If you wish to enforce 2FA for all users on your site you first need to activate it. You'll also need to have the Google Authenticator app installed on your phone. This is a one-time process and you do this by following these steps:

Log in to WriteUpp as normale

Go to Settings -> Users


At this point we perform a check to see if you have any text credits, which are required if you wish to enable 2FA

If you don't have any text/SMS credits you will be prompted to purchase them. We use SMS to verify a user's identity and as an alternate way of sending the six digit code if the user is unable to use the Authenticator app.

If you already have text/SMS credits you will be taken to the screen shown below (without the voided barcode):

Using the Google Authenticator app, scan the QR code displayed on your screen

Enter the code displayed in the Google Authenticator app to the field displayed at point 5 within WriteUpp then click on Activate

You will be asked to verify your mobile phone number to complete the process. This allows us to send your 2FA code via SMS if you are unable to access Google Authenticator as a backup option.

Enter your mobile number and click on Send SMS

You'll receive a 4 digit code by SMS which should be entered in screen, then click Verify

Once you have entered the correct code and it has been verified, 2FA will be active on your site and from this point forwards all users will need to use 2FA to login.

First Time Set Up Of 2FA For Users

This is mandatory if you activate 2FA. Your users will not be able to login to WriteUpp until they have completed the setup process

Once you have enabled 2FA, ALL of your users will be taken to the following screen when they next login. They should follow the on-screen instructions:

The steps are summarised below:

Download and install Google Authenticator: Get it here for -> iPhone and Android

Open Google Authenticator on your mobile phone, click on "+" to add WriteUpp

Scan the barcode on screen (in WriteUpp)

Enter the six digit code in the field on screen and click on "Activate"

Check mobile number and click "Confirm"

Enter the four digit security code sent via text/SMS to your mobile

When your code has been validated 2FA is set up

To be clear, this is the 2FA set up process for your users. Unless they lose/change their mobile phone this is a one-time process.

Logging In Once 2FA Has Been Turned On

Once 2FA has been activated (by Site Admin) and set up by your users it is very straightforward to use on a day to day basis, as below:

Enter your your username and password in WriteUpp as normal

Open the Authenticator app on your mobile phone

Enter the six digit code and click on "Verify"

That's it!

If your users don’t want to enter a 2FA code every time they login to WriteUpp, they can mark their computer or device as "trusted" and they will only need to re-authenticate (via 2FA) every 30 days or sooner if they clear their browser cache.

Your users should only check "Trust this device" on computers that they/you own or have exclusive control of.**

To find out more about Trusting devices take a look at the article below:

What does "Trust this device" mean?

The peace of mind offered by 2FA is irrefutable but before you go ahead and activate 2FA on your account please read the implications below very carefully:

your users will always need their mobile device with them to login to WriteUpp unless they checked "Trust this device" when they previously authenticated. If so, they will not need to enter a new code for 30 days or sooner if they clear their browser cache.

your users will be unable to login to WriteUpp if they lose their mobile phone and have not checked "Trust this device" when they previously authenticated.

you must be confident that your users will be capable of performing the one time set up of 2FA that will be required after you have activated 2FA. Please also keep in mind that they MUST do this on a desktop/laptop device

you must be confident that your users will be comfortable logging in to WriteUpp with the additional step that is required by 2FA.

your users will need their own mobile phone which is capable of installing the authentication app, described later in this article.

you will need to purchase text credits so that we can verify the identity of your users (via their mobile phone) and send their 2FA code via SMS in the event that they are unable to access the authenticator app.

your users will not be able to use the WriteUpp mobile app unless they are running the latest version of the app.

in WriteUpp, 2FA is "all or nothing". By this we mean that it is a site-wide security setting which is not turned on by default but if you do activate it you will be doing so for all users. There is no option to apply it on a user by user basis.

turning on 2FA may result in an increase of instances where your users have issues logging in to WriteUpp. This isn't a consequence of any technological deficiencies in 2FA or WriteUpp. It typically happens because users fail to follow the correct process when logging in with 2FA. To minimise these issues you should ensure that all your users have read the following articles:

How do I set up user-based two-factor authentication (2FA)?

How do I login once I have set up 2FA? 

you may experience adverse feedback from your users who feel that the requirement to a) have their mobile with them whenever they login to WriteUpp b) enter a unique code as well as their username/password is unnecessarily onerous.

because of the nature of 2FA, we cannot provide assistance with 2FA login issues. The technology that we are using to implement 2FA in WriteUpp is used industry-wide and in 99.999% of cases will not be the cause of any login problems that you or your users might experience. In nearly all situations, the problem will be user error and these will need to be handled internally by your own admin team. To be clear, any 2FA issues will be redirected to the Site Admin by our Help Desk.
Was this article helpful?
Thank you!