Multi-factor authentication

Multi-factor authentication (MFA) is an authentication method that verifies users through two or more authentication steps. You can enhance the security of your account and services by using multi-factor authentication.

Setting up multi-factor authentication

The WhaTap monitoring service provides OTP and Email as multi-factor authentication methods. The OTP method is recommended.

Note

What is OTP? OTP stands for One Time Password, an authentication method that uses a randomly generated one-time password instead of a fixed password.

Navigate to the Manage Accounts page by following the steps below, and then set up multi-factor authentication.

1. Log in to the WhaTap monitoring service.

2. Select the profile icon at the top right of the screen. A drop-down menu appears.

3. Select Manage Accounts.

4. Scroll down the page to the Multi-factor authentication section.

   

Select your preferred authentication method: OTP or Email.

OTP authentication

If you selected OTP as the multi-factor authentication method, you must install an OTP app on your mobile device.

• Android: Google OTP
• iOS: Google Authenticator

Note

You can also perform OTP authentication through the WhaTap mobile app. For more information, see the following.

Setting up OTP-based multi-factor authentication

1. Select OTP as the multi-factor authentication method, and then select (Re)Create OTP key.

2. Select QR code or OTP key, and then register the key in the OTP app on your mobile device.

   • To use the QR code, select Scan a QR code and scan the QR code with your mobile device. (The QR code method is recommended for convenience.)

   • To use the OTP key, select Enter a setup key and enter your account and OTP key on your mobile device.

   

3. Enter the issued OTP token in the Verify text box.

4. Select the Validate OTP key button.

5. When the Recovery code window appears, select the Save recovery code button to download or copy and save the code.

   Note

   The recovery code is an alternative to the OTP key in case you lose your OTP authentication device. Keep the downloaded recovery code file (WhaTap-recovery-codes.txt) in a safe place.

When you close the Recovery code window, the OTP-based multi-factor setup is complete. To verify the multi-factor authentication settings, log out and then log in again.

Note

For how to log in using the recovery code when you lose your OTP authentication device, see the following.

Using OTP-based multi-factor authentication

1. On the Login page, enter your email and password to log in.

2. When the multi-factor authentication screen appears, check your OTP key in the OTP app on your mobile device.

3. Enter the issued OTP key and then select the Authentication button.

If the OTP token validation is successful, you can access the service screen.

Authenticating with the recovery code

If you have lost your OTP authentication device, you can log in using the recovery code.

1. On the Login page, log in.

2. When the multi-factor authentication screen appears, select Use a Recovery Code.

   

3. Copy a code from the downloaded recovery code file (WhaTap-recovery-codes.txt) and paste it in the recovery code field.

4. Select the Authentication button.

Go to the Multi-factor authentication section in the Manage Accounts menu and attempt email or OTP authentication.

Email token authentication

Setting up email token-based multi-factor authentication

1. Select Email as the multi-factor authentication method, and then select Send Auth Token via Email.

2. Check the verification token (Verification Code) received from no-reply@whatap.io in your email. If you did not receive the email, check your spam folder.

3. Enter the received verification token in the Verify text box.

4. Select the Validate Email Token button.

The email-based multi-factor setup is now complete. To verify the multi-factor authentication settings, log out and then log in again.

Using email token-based multi-factor authentication

1. On the Login page, log in.

2. When the multi-factor authentication screen appears, check the authentication code sent to your email.

3. Enter the authentication token received via email and then select the Authentication button.

If the email authentication token validation is successful, you can access the service screen.

Disabling multi-factor authentication

You can disable multi-factor authentication only when it is currently enabled. Go to the Multi-factor authentication section in the Manage Accounts menu, and then select Clear OTP key or Clear multi-factor authentication.