BMO/UserGuide/Two-Factor Authentication: Difference between revisions

done
(stuff)
(done)
Line 1: Line 1:
== Bugzilla and Two-Factor Authentication ==


BMO supports two either TOTP or Duo. Duo is only available for Mozilla employees, while TOTP is available to everyone.
[https://bugzilla.mozilla.org bugzilla.mozilla.org (BMO)] uses either  
[[#Configure_2FA:_TOTP_.28Google_Authenticator.29|TOTP]] or [[#Configure 2FA: Duo|Duo Security]] for Two-Factor authentication.
Duo is only available for all Mozilla employees, while TOTP is available to everyone.
 
It is also very import to generate [[#Generate Recovery Codes|Recovery Codes]]
and store them in a safe, offline location.


== Configure 2FA: TOTP (Google Authenticator) ==
== Configure 2FA: TOTP (Google Authenticator) ==
Line 68: Line 74:
similar to the one that you get when logging into other Mozilla services.
similar to the one that you get when logging into other Mozilla services.


== Recovery Codes ==
== Generate Recovery Codes ==


Recovery Codes are special codes
Recovery Codes are special codes
Line 77: Line 83:
failsafe. If you do not have recovery codes and you lose your device you might
failsafe. If you do not have recovery codes and you lose your device you might
lose access to your account forever.
lose access to your account forever.
Visit the [http://bugzilla.mozilla.org/userprefs.cgi?tab=mfa Two-Factor Authentication] page.
Assuming that you're using 2FA, you will see a screen that looks something like the following<br>
https://i.imgur.com/zAqQnMll.png
Click on "Generate Printable Recovery Codes".
You'll be taken to a page and required to re-authenticate using both your password and your second factor (either Duo or TOTP).
Continuing through that, you'll get something like this:<br>
https://i.imgur.com/UvDyXJhm.png
If possible, you should print those codes out. If printing is not an option,
write them down. In either case, it is important to keep them in a safe place -- and not on your computer.
There are ten codes, and each code can be used once instead of your authenticator -- and typically you would use them to disable and re-enable 2FA in the event you lose your authenticator device.


== FAQ ==
== FAQ ==
=== I'm using TOTP and my code doesn't work ===
# Make sure time on your computer is correct. If your computer's clock is off, it will prevent TOTP from working.
# Make sure you're using the right code generator -- if you're using TOTP you will *not* be using the Duo app, for instance.
=== Help! My phone has been destroyed ===
This is why you must generate and store [[#Generate Recovery Codes|Recovery Codes]]! If you did, you can use
one of those Recovery codes to disble 2FA and re-enable it on a new device.
If you lose both your recovery codes and your device:
* If you're a Mozilla employee, contact Service Desk
* If you're a community member, email bugzilla-admin [at] mozilla.org.
In either case, you will need to provide sufficient evidence of your identity.
Confirmed users
437

edits