8
edits
BMO/UserGuide/Two-Factor Authentication: Difference between revisions
BMO/UserGuide/Two-Factor Authentication (view source)
Revision as of 16:09, 24 November 2022
, 24 November 2022→Help! My phone has been destroyed: fix typo
Ljcool2006 (talk | contribs) (→Help! My phone has been destroyed: fix typo) |
|||
| (8 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
== Bugzilla and Two-Factor Authentication == | |||
BMO | [https://bugzilla.mozilla.org bugzilla.mozilla.org (BMO)] uses either | ||
[[#Configure_2FA:_TOTP_.28Google_Authenticator.29|TOTP]] or [[#Configure 2FA: Duo|Duo Security]] for Two-Factor authentication. | |||
Duo is only available for all Mozilla employees, while TOTP is available to everyone. | |||
All Mozilla employees should use Duo Security where possible. | |||
It is also very import to generate [[#Generate Recovery Codes|Recovery Codes]] | |||
and store them in a safe, offline location. | |||
== Configure 2FA: TOTP (Google Authenticator) == | == Configure 2FA: TOTP (Google Authenticator) == | ||
| Line 10: | Line 18: | ||
Click the button labeled "Time-based One-Time Password | Click the button labeled "Time-based One-Time Password | ||
(TOTP)"<br>https://i.imgur.com/ | (TOTP)"<br>https://i.imgur.com/rQSy4qYl.png | ||
You will now see a barcode.<br> | You will now see a barcode.<br> http://i.imgur.com/AnjoUgOl.png | ||
Pick up your device and open the authenticator app. There will be a screen with | Pick up your device and open the authenticator app. There will be a screen with | ||
| Line 36: | Line 44: | ||
The password field is above the barcode, and field for the six digit code is | The password field is above the barcode, and field for the six digit code is | ||
below. <br> https://i.imgur.com/ | below. <br> https://i.imgur.com/XZ3VmNll.png | ||
Now enter that six digit code into the text box under the barcode. | Now enter that six digit code into the text box under the barcode. | ||
| Line 49: | Line 57: | ||
== Configure 2FA: Duo == | == Configure 2FA: Duo == | ||
The following instruction will guide you through configuing 2FA using Duo. | |||
Duo is only available to Mozilla employees at this time. | |||
First, You must be [https://mana.mozilla.org/wiki/display/SD/DuoSecurity enrolled with Duo Security via login.mozilla.com] before you can use Duo 2FA. | |||
In addition to the app, you will need to know what your Duo username is -- this is your LDAP email | |||
which might not be the same (and does not have to be) as your Bugzilla email ("bugmail"). | |||
== Recovery Codes == | Visit the [http://bugzilla.mozilla.org/userprefs.cgi?tab=mfa Two-Factor Authentication] page, | ||
and click the button labeled "Duo Security" <br> | |||
https://i.imgur.com/QFtqu8dl.png | |||
Now you'll see two text fields. The first is for your current password, | |||
and the second one is the username you use for Duo -- your LDAP email.<br> | |||
https://i.imgur.com/gnSb5QUl.png | |||
After filling in those forms and clicking "Submit Changes", you will encounter the typical Duo authentication screen, | |||
similar to the one that you get when logging into other Mozilla services. | |||
== Generate Recovery Codes == | |||
Recovery Codes are special codes | Recovery Codes are special codes | ||
| Line 60: | Line 85: | ||
failsafe. If you do not have recovery codes and you lose your device you might | failsafe. If you do not have recovery codes and you lose your device you might | ||
lose access to your account forever. | lose access to your account forever. | ||
Visit the [http://bugzilla.mozilla.org/userprefs.cgi?tab=mfa Two-Factor Authentication] page. | |||
Assuming that you're using 2FA, you will see a screen that looks something like the following<br> | |||
https://i.imgur.com/zAqQnMll.png | |||
Click on "Generate Printable Recovery Codes". | |||
You'll be taken to a page and required to re-authenticate using both your password and your second factor (either Duo or TOTP). | |||
Continuing through that, you'll get something like this:<br> | |||
https://i.imgur.com/UvDyXJhm.png | |||
If possible, you should print those codes out. If printing is not an option, | |||
write them down. In either case, it is important to keep them in a safe place -- and not on your computer. | |||
There are ten codes, and each code can be used once instead of your authenticator -- and typically you would use them to disable and re-enable 2FA in the event you lose your authenticator device. | |||
== FAQ == | |||
=== I'm using Duo and all I see is a white box === | |||
Check your browser addons -- it's possible that some extension is blocking Duo. | |||
=== I'm using TOTP and my code doesn't work === | |||
# Make sure time on your computer is correct. If your computer's clock is off, it will prevent TOTP from working. | |||
# Make sure you're using the right code generator -- if you're using TOTP you will *not* be using the Duo app, for instance. | |||
=== Help! My phone has been destroyed === | |||
This is why you must generate and store [[#Generate Recovery Codes|Recovery Codes]]! If you did, you can use | |||
one of those Recovery codes to disable 2FA and re-enable it on a new device. | |||
If you lose both your recovery codes and your device: | |||
* If you're a Mozilla employee, contact Service Desk | |||
* If you're a community member, email bugzilla-admin [at] mozilla.org. | |||
In either case, you will need to provide sufficient evidence of your identity. | |||