How To Check 8 Digit Backup Code

0 views
Skip to first unread message

Marthe Bernskoetter

unread,
Aug 4, 2024, 5:13:55 PM8/4/24
to conteostanan
Multifactor authentication (also known as MFA, two-step verification, two factor authentication, or 2FA) is a highly recommended security feature that adds an extra layer of protection to your Dropbox account. Enabling multi-factor authentication means that Dropbox will require a six-digit security code (in addition to your password) when you log in to your account or link a new computer, phone, or tablet.

If you choose to receive your security codes by text message, you need a phone capable of receiving text messages (carrier rates may apply). A text message containing a security code will be sent to your phone each time you log in to Dropbox.


After enabling multi-factor authentication, consider adding a backup phone that can receive text messages as well. If you ever lose your primary phone, or can't use your authenticator app, you can send a security code to your backup phone number instead.


You can use a security key for multi-factor authentication, rather than a six-digit security code. A security key is a small USB, Bluetooth, or Near Field Communication (NFC) device that follows one of the open standards:


Currently, security keys are only supported on select devices and browsers, so you must first set up multi-factor authentication for your Dropbox account and select to receive codes via SMS messages or a mobile app. This step ensures that you have a backup method, in case a device doesn't support your security key.


Note: There are different ways to activate security keys. Your key may require a tap or button press to activate registration. If you're having difficulty completing security key registration, verify that your security key is U2F or WebAuthn capable. You can also refer to the manufacturer instructions specific to your device.


Not sure this is the right place to post this, but I am hoping someone from Check Point is reading this.



Check Point removed the option to use backup codes when logging in in the Check Point websites when MFA is enabled. It seems only Google Authenticator and SMS is supported.



We have customers with a strict security policy and it is not allowed to bring mobile phones into the building. This means I have no access to the one-time code from Google Authenticator or SMS. That's why the backup codes are very usefull to me.



By removing this option, I am unable to access Check Point resources such as licenses, SK articles and software and this will limits me when supporting these Check Point customers.



Anyone else has the same issues now? Is there a work-around?



Regards,

Martijn


When MFA is enabled, you can either vote for using the MS Authenticator App or SMS. You can also skip the second step on devices you trust, such as your own computer. For me, i can in most cases log in using UN / PW, although after a certain time span or log off, i will have to use the MS Authenticator App for MFA to log in again.


So i would suggest that in cases you will visit customers with a strict security policy, log in using MFA before the visit as that should leave you on a trusted device for some time. Of course this is not an option if you have to use customers devices for accessing Check Point resources such as licenses, SK articles and software...


Unfortunately, this feature was removed when we changed the IdP used for UserCenter apps.

Not sure the precise reason for this, but the relevant team is now aware.

We are looking at passwordless authentication flows in the future.


Backup Codes - Is no longer available.

Occasionally, customers who have enrolled in 2-Step Verification will not have access to their cell phone to receive a Verification Code.

If this happens, customers can request a backup code via Account Services by opening a SR Ticket.


I had something similar happen to me ages ago, not with backup codes, but something else mind you and Sales person put a note on customer's accound, so when you call, they would see pop-up show and not give you any issues opening a case.


I have asked the local Check Point office how this will work in real life. Will they generate a code which is valid for one day, or will AS generate a OTP? I login to Check Point a couple of times a day when I am onsite, so OTP is not something I am looking forward to.



Let's see what they come up with.



Martijn


Understood. Well, as you know, no matter what company is in question, though specially when it comes to security, employees have to follow procedures, so hopefully your local CP office can accomodate good solution in this case.


A small update from me.



It is possible to get backup codes from Account Services when you open a case with them. I got a couple of backup codes.

The bad part is, these codes are useless for the new login page because there is no option anymore to select backup codes as a different 2nd authentication step.



I have a work-around which is not working 100% unfortunately.



1. I go to the CheckMates website and sign in. This brings me to the old login page with backup codes as a different 2nd authentication step.


2. In another tab I go to support.checkpoint.com and I am signed in. I can access the knowledge base, download software and access the sales Product Catalog.



But I am unable to access User Center accounts, support cases or my profile. When I select one of those, I get redirected to the new login page and cannot continue because this page does not support the backup code.



Selected 'Don't ask for this computer again' but this did not help.



So, the basic stuff I can do, but opening/updating cases and generating/downloading licenses when I am onsite is not possible for customers with a strict security policy about mobile phones.



Will update the case with Account Services, but hopes someone from Check Point is also reading this.



Regards,

Martijn


CheckMates and the rest of UserCenter/PartnerMap are now using different IdPs (in SAML terms).

In practice, it means SSO between CheckMates and UserCenter/PartnerMap no longer works.

The new IdP does not appear to have an option for the use of Backup codes.

We are looking at passwordless methods of access, but no ETA on that.


The information in this article can help you when, after setting up two-step verification, you are unable to access the verification code from Google Authenticator required to sign in to your Nintendo Account.


Additional Information: Once two-step verification is enabled, you will need to sign in using BOTH your password and a 6-digit code sent to your smart device via the Google Authenticator app.For general assistance with the Google Authenticator app, please see the Help & Feedback section of the application on your smart device.


What to Do: To locate the verification code you need to enter when signing in to your Nintendo Account, launch the Google Authenticator application using the smart device you used to set up this feature. The 6-digit code needed to sign in is displayed on the app. The app is required to set up the two-step verification feature, so you would have downloaded it when you set up two-step verification for your Nintendo Account.If you no longer have access to the smart device used to set up the feature, you will need to use a backup code to sign in (see below). If the 6-digit code is not working on an Android phone, try using the Time sync feature: Open the Google Authenticator app.Tap the more options icon and then Settings.Tap Time correction for codes.Tap Sync now. If your verification code is still not working, click Use another method to verify your identity on the Two-Step Verification page during the sign-in process and enter one of your 10 backup codes. 10 backup codes were provided when two-step verification was initially set up, with the direction to copy and save them to a safe place. If you do not currently have access to your backup codes, select Use another method to verify your identity on the Enter a backup code screen. An email with a verification code will be sent to the email address associated with your Nintendo Account. Locate the code in your email and enter it in the Verification code box, then select Submit. If you do not receive the email, please follow our steps for Did Not Receive a Nintendo Account Identity Verification Email.If you have also forgotten your password, this option is not available.


Situation not resolved If you no longer have access to the smart device used to originally set up two-step verification and are unable to locate the backup codes or use e-mail address verification, you will not be able to sign in to your Nintendo Account. Please contact us for additional assistance.


Thank you for visiting the Nintendo website! You have been randomly chosen to take part in a brief survey. By taking a few minutes to share your thoughts and opinions, you will be helping us to improve our website.


If you're not receiving text messages, you've lost your phone, or your mobile authenticator app isn't working, you should disable or reset two-step verification on the Security tab of your Dropbox account settings.


If you have lost your emergency backup code, and you are not receiving any two-step verification text messages, and the steps in that help article are not helping, then there is little you can do to recover the account.

3a8082e126
Reply all
Reply to author
Forward
0 new messages