Two-Factor Authentication
Vulnotes supports two-factor authentication (2FA) to add an extra layer of security to user accounts. Two methods are available: TOTP (authenticator app) and email-based verification.
TOTP (Authenticator App)
This is the recommended method. Users set up 2FA by scanning a QR code with an authenticator app like Google Authenticator, Authy, or 1Password.
To enable TOTP:
- Go to Profile > Security
- Click Enable 2FA
- Scan the QR code with your authenticator app
- Enter the 6-digit verification code to confirm
After setup, every login requires both a password and a code from the authenticator app.
Email-based 2FA
As an alternative, users can receive a verification code by email on each login. This does not require an authenticator app but is less convenient and depends on email delivery.
Enforcing 2FA for all users
Administrators can require 2FA for every user on the instance. Go to Administration > Settings > Security and enable the Require 2FA option.
When this is enabled, users who have not set up 2FA will be prompted to do so on their next login. They cannot access the platform until 2FA is configured.
Recovery
If a user loses access to their authenticator app, an administrator can disable 2FA on their account from the User Management page. The user can then log in with just their password and set up 2FA again.