Two-factor authentication (2FA) provides an additional layer of security for authenticating users. The user is granted access only after successfully presenting two pieces of evidence (or factors): knowledge (something the user and only the user knows), and possession (something the user and only the user has).

Naverisk uses a password and/or a PIN code as the knowledge factor, and a Time-based One Time Password (TOTP), generated by the Google Authenticator (or compatible) application as the possession factor. A person without knowledge of the Password/PIN code and possession of the device running Google Authenticator is unable to log into Naverisk.

This document details the steps of setting up Google Two-Factor Authentication for users of Naverisk. This guide will also cover setting up Google Authenticator on an iPhone to generate authentication codes.

It is recommended that the Google Authenticator or compatible application such as MS authenticator is downloaded onto a smartphone to generate the authentication code needed when logging in. This can be found by simply searching for the Authenticator app on the Apple App Store (iPhone) or Google’s Play Store (Android).

Note that 2FA can only be configured by the individual user for themselves. It is not possible to set up 2FA on behalf of another user, as the 2FA key is not visible for user accounts other than your own.

2. Under the Authentication section, click the drop-down arrow for Authentication Type.

1. Select Google 2FA. (select this for MS authenticator if using)
2. Take note of your 2FA Key, as you will need this shortly. Enter a PIN number that you will remember. PIN Numbers can only contain numbers, and be up to 6 digits long.
​Note: while the PIN number is not mandatory, it is strongly recommended to configure a PIN number. Failure to configure a PIN will reduce authentication back to single-factor (can log in with possession of the device with the Google Authenticator app).

​

3. If you wish to scan a QR code, click on Show QR Code.
4. It will then show you a QR code to scan to your phone.

5. Then click Save.

1. Select Google 2FA + Password.
2. Take note of your Google 2FA Key, as you will need this shortly. You may optionally also enter a PIN number that you will remember. PIN Numbers can only contain numbers, and be up to 6 digits long.
3. Your original Naverisk password will remain the same when used with 2FA. You can enter a new password if you wish to change it.

​

4. If you wish to scan a QR code, click on Show QR Code.
5. It will then show you a QR code to scan to your phone.

6. Then click Save.

2. In the Authenticator app, tap the + icon.

3. You can then either choose to scan a QR code or enter manually. In this case, we will enter the code manually.

4. Enter an identifiable name under Account (e.g. Naverisk), then under Key enter the Google 2FA key you noted down above. Then tap the Tick button.

5. If successful, you should then see your Naverisk Authentication code.

Go back to the Naverisk login portal, when you type in your Username you should now see Google 2FA Code next to the password field.
​

Using your phone, type in the Google Authentication code displayed on the app, followed by your pin number you entered previously (CODEpin). You should now be logged in.

It is important to make sure that your phone is using the correct time, otherwise your Authentication Code will not work – even if the time is slightly out.

If you are running an Onsite instance of Naverisk, please also check that your Site Controller’s time is also correct.

If you are using Naverisk in the Cloud, please contact support@naverisk.com so we can investigate.

If the initial setup of the Authenticator app is not accepting your 2FA key, please ensure you are entering the exact key. It may also be related to time sync problems

On the next screen, the app will confirm that the time has been synced, and you should now be able to use your verification codes to sign in. The sync will only affect the internal time of your Google Authenticator app, and will not change your Device’s Date & Time settings.