Difference between revisions of "X-Payments:Two-factor authentication"
(Created page with "Starting with X-Payments version 3.0, we have changed the system of user authentication in X-Payments. In the previous versions of X-Payments, we already used an authenticati...") |
m |
||
(41 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
+ | <noinclude>{{XP_manual_TOC}}</noinclude> | ||
+ | |||
+ | __NOTOC__<br> | ||
Starting with X-Payments version 3.0, we have changed the system of user authentication in X-Payments. | Starting with X-Payments version 3.0, we have changed the system of user authentication in X-Payments. | ||
Line 8: | Line 11: | ||
The authentication methods based on using the Google Authenticator app and SMS/text messages are primary methods; they can be used independently or alongside one another. Authentication with backup codes is a complementary method; it can be used as a fallback user authentication method if your primary method is unavailable for some reason. | The authentication methods based on using the Google Authenticator app and SMS/text messages are primary methods; they can be used independently or alongside one another. Authentication with backup codes is a complementary method; it can be used as a fallback user authentication method if your primary method is unavailable for some reason. | ||
− | So, if you have installed the latest version of X-Payments, or have upgraded to X-Payments version 3.0 (or later), the first time you will attempt to log in to X-Payments - right after entering your login and password - you will be required to choose a method for the 2nd step of user authentication that you would like to use:<br />[[File:xp3_2step_choose_method.png|border]] | + | So, if you have installed the latest version of X-Payments, or have upgraded to X-Payments version 3.0 (or later), the first time you will attempt to log in to X-Payments - right after entering your login and password - you will be required to choose a method for the 2nd step of user authentication that you would like to use:<br /> |
− | The available options are user authentication with the Google Authenticator app and user authentication with SMS/text messages. | + | :[[File:xp3_2step_choose_method.png|border]]<br /> |
− | + | The available options here are user authentication with the Google Authenticator app and user authentication with SMS/text messages. To continue with the setup of the chosen method, click the '''Continue''' button. You will be directed to the method configuration page. To set up the chosen method for use with your X-Payments, follow the instructions below: | |
− | To continue with the setup of the chosen method, click the '''Continue''' button. You will be directed to the method configuration page. To set up the chosen method for use with your X-Payments, follow the instructions below: | + | :* [[X-Payments:Setting_up_user_authentication_with_the_Google_Authenticator_app | Setting up user authentication with the Google Authenticator app]] |
− | :* [[ | + | :* [[X-Payments:Setting_up_user_authentication_with_SMS/text_messages | Setting up user authentication with SMS/text messages]] |
− | :* [[ | ||
− | |||
− | |||
− | + | The authentication method you choose before your first login to X-Payments will be set as your preferred method for user verification. If you wish, later you will be able to [[X-Payments:Setting_up_an_additional/alternative_method_of_user_authentication | set up an additional/alternative method]] of user authentication and, if necessary, [[X-Payments:Changing_your_preferred_user_authentication_method |change your preferred method]]. | |
− | |||
− | + | After you configure a method for the second step of user authentication, you will be required to enter a one-time password provided to you via your preferred method of authentication every time you log in to X-Payments, unless you configure X-Payments to [[X-Payments:Configuring_X-Payments_to_skip_the_2nd_step_of_user_authentication | skip this step for two weeks]] on you device. | |
− | |||
− | + | After setting up your primary user authentication method, we strongly recommend that you create a list of backup codes that will allow you access to X-Payments if you lose the phone associated with your two-factor authentication settings, or if the authentication method you normally use becomes unavailable for some reason: | |
− | + | :* [[X-Payments:Setting_up_user_authentication_with_backup_codes | Setting up user authentication with backup codes]] | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | [[Category:X-Payments User Manual]] | |
− |
Latest revision as of 17:12, 30 March 2017
- X-Payments:General information
- What's New
- System requirements
- Installation
- Two-factor user authentication
- Configuring X-Payments
- Managing users
- Customizing the interface
- Managing payments
- Unistalling X-Payments
- Upgrading
- Moving X-Payments from one host to another
- Viewing X-Payments logs
- FAQ
- Troubleshooting
- Glossary
- Supported payment gateways
- Popular Payment Methods Configuration Instructions
Starting with X-Payments version 3.0, we have changed the system of user authentication in X-Payments.
In the previous versions of X-Payments, we already used an authentication method that depended on more than one "factor": to access the X-Payments back end, a user had to prove their identity by presenting two separate pieces of evidence - 1) a login and a password; 2) a PIN code. In X-Payments version 3.0, user authentication is still based on the two-factor model, but we have provided more options regarding the second component required for user identification. Instead of PIN codes, X-Payments now provides three methods which can be used to verify a user's identity after authenticating them via a login and a password:
- authentication with the Google Authenticator application;
- authentication via SMS/text messages (Twilio integration);
- authentication via backup codes generated by X-Payments.
The authentication methods based on using the Google Authenticator app and SMS/text messages are primary methods; they can be used independently or alongside one another. Authentication with backup codes is a complementary method; it can be used as a fallback user authentication method if your primary method is unavailable for some reason.
So, if you have installed the latest version of X-Payments, or have upgraded to X-Payments version 3.0 (or later), the first time you will attempt to log in to X-Payments - right after entering your login and password - you will be required to choose a method for the 2nd step of user authentication that you would like to use:
The available options here are user authentication with the Google Authenticator app and user authentication with SMS/text messages. To continue with the setup of the chosen method, click the Continue button. You will be directed to the method configuration page. To set up the chosen method for use with your X-Payments, follow the instructions below:
The authentication method you choose before your first login to X-Payments will be set as your preferred method for user verification. If you wish, later you will be able to set up an additional/alternative method of user authentication and, if necessary, change your preferred method.
After you configure a method for the second step of user authentication, you will be required to enter a one-time password provided to you via your preferred method of authentication every time you log in to X-Payments, unless you configure X-Payments to skip this step for two weeks on you device.
After setting up your primary user authentication method, we strongly recommend that you create a list of backup codes that will allow you access to X-Payments if you lose the phone associated with your two-factor authentication settings, or if the authentication method you normally use becomes unavailable for some reason: