A quick update to all our Hoiio users! We will be rolling out Two-Factor Authentication (2FA) across all portal in the next few days.
- Why 2FA
- Our 2FA System
- Some Notes
2FA is one of the best ways to protect you against hijacking attempts such as phishing and credential exploitation aiming to takeover your accounts.
Generally the 2FA flow requires an additional credential besides your login username/password (hence the number 2 in 2FA) to prove that you are the genuine owner of the account. Without the extra credential, remote attackers can’t pretend to be you in order to gain unauthorized access to your account.
2FA is a type of Multi-Factor Authentication (MFA). Read more here.
Hoiio’s 2FA system requires users to have a valid, verified email address before they can enable 2FA on their account.
After it is enabled, whenever a user logs in or performs important account updates, a verification code will be sent to their email and they will be required to enter the code to proceed with the rest of the flow.
After you login to the portal, navigate to Account Settings
There, you’ll see a new “Security” section with a child menu to help you setup 2FA. Click on the only button there to start the process.
You’ll be prompted to verify your current email address before continuing.
After completing the verification process, a Recovery Key will be shown to you. As instructed, please keep the key in a separate location from your email.
A Recovery Key acts as a back-up method in case you lose access to your email. Please keep it safe.
A convenient “Download” button will download the key to your computer, allowing you to store the key in your preferred cloud storages.
After 2FA is enabled, your Security setting will look like this. And you’re done.
The next time you login, you’ll be required to enter the verification code sent to your email or you can use your Recovery Key in case you lose access to your email.
Disabling 2FA is similar to how you enable 2FA. It will require you to go through the verification process again.
For now, a Recovery Key can be used multiple times. In future, Hoiio will force a re-creation of Recovery Key if a previous key has been used. You are advised to create a new Recovery Key whenever you used the old key.
The 2FA system currently supports verification code delivered to email for now. Supporting for third-party authentication services like Google Authenticator or Authy will be provided soon.
Interested for a demo or need more information?
Enter your contact information below and we will contact you shortly.