X-Payments:Setting up user authentication with the Google Authenticator app

X-Payments can be set up to use an authentication method based on using the Google Authenticator application which you install on your phone. The application is connected to your X-Payments installation, after which it can generate one-time passwords that serve as the second piece of evidence to prove your identity after you have entered your X-Payments login and password.

To set up user authentication via the Google Authenticator app, follow these steps:

1. Install the Google Authenticator app on your phone/mobile device. The installation instructions are available here.
2. In the X-Payments back end, go to the configuration page for the authentication method based on using Google Authenticator (2-step authentication with Google Authenticator).
   
   This page opens automatically after you select Google Authenticator as your preferred user authentication method when you log in to X-Payments for the first time. Also, you can access this page at any time using the "Google Authenticator app configure" link on your profile details page (Profile > View details):
   
   
3. Sync the time on the device where you have installed the Google Authenticator app with the time in X-Payments. Never mind the time zone difference; it is only the minutes and seconds that need to be synchronized. The current time in X-Payments is displayed right on the 2-step authentication with Google Authenticator page:
   
   
4. Add your X-Payments account to the Google Authenticator App. To do so, scan the QR code on the right-hand side of the 2-step authentication with Google Authenticator page:
   
   Or use the Secret code displayed below the QR code to manually register your X-Payments account in the Google Authenticator app:
   
   
5. To test the configuration, enter a one-time password from your Google Authenticator application on the 2-step authentication with Google Authenticator page and click "Check":
   
   Note that the lifetime of a one-time password is one minute, and the same code cannot be used more than once.
   

Provided that the password from the Google Authenticator has been entered correctly, you should see a popup message saying that the authentication method has been configured successfully:

Now user authentication via the Google Authenticator app is enabled and configured:

At the second step of user authentication, you can now use one-time passwords generated by the Google Authenticator app:

Important: After setting up your preferred user authentication method, be sure to create and save a list of backup codes for access to X-Payments:

• Setting up user authentication with backup codes
  
  

Later on, if you need to set up Google Authenticator on a different device, you will have to reconnect the app. Note that to complete the task you will be required to enter a one-time password from your currently connected Google Authenticator app (If you have authentication via SMS/text messages enabled as an additional method, you can also use a one-time password received via SMS/text message instead of the password from Google Authenticator - these passwords are the same and can be used interchangeably).

To re-connect the app:

1. On the configuration page for the authentication method based on using Google Authenticator (2-step authentication with Google Authenticator), click the Re-connect the app button:
   
   A popup window will be displayed providing a form for you to enter a one-time password from your currently connected app:
   
   Type in the one-time password from Google Authenticator (or an SMS/text message) and click Enter. The popup window will be closed, and the method configuration page will show the note "The authentication method is not configured!":
   
   
2. Scan the QR code or manually enter the Secret code to re-connect the app.