Download Authenticator
Emelia Lute
The Bitwarden password manager supports multiple two-step login methods, also know as 2FA and two-factor authentication, such as through an authenticator app or email. Learn how to set up and use each method.
Google Authenticator can be backed up by exporting. Code keys are exported to a combined QR code. Raivo OTP is also an excellent Authenticator someone recently recommended to me on this forum. You can export to an encrypted file AND it will upload securely to Apple iCloud. It also has a great feature where you tap the code on your iPhone and then you can paste the code on your Mac laptop immediately. -otp.com/.
Is there another solution than the password, and double authentication? Only with the smartphone? I know according to current events that our GAFA want to put the passwords in the closet, to only use their smartphone.
I changed phones and now can not log into Concur at all. I use Microsoft Authenticator. It works for everything else but not Concur. When I log in it asks for authenticator code. Never shows on my app. I was told it was because Concur hasnt been added to the app. So i try to add and it wants to scan the code. I cant get it to release from old setup. My admin had reset Concur but it still looks for the old setup. I am stuck. Help
@bhuston757 - you are saying your admin "reset" your multi-factor authentication and you are not being prompted with the QR code or manual key in order to set it up on your new phone? I would suggest they try to reset again and you should be prompted to set it up on the new phone. I do not know exactly how these authenticators work, but when I have worked with users with a new phone, we had to do the setup from the beginning to re-establish the 2FA.
@bhuston757 what do you mean by "I can't get it to release from old setup"? If you switch devices, then your site admin needs to reset your 2FA. Next time you go to sign in at concursolutions.com, you should be prompted to set up 2FA. So, you will either see a QR code that you need to scan or if your company didn't opt out of the email setup of 2FA that launched November 15, you will receive an email to start the 2FA setup process.
Hello, I did not get a new phone, but I did switch authenticator apps from AuthPoint to Microsoft Authenticator. I went throught the reset steps several times but the 2FA code is not accepted. I even tried adding to AuthPoint again and it didn't work. I'm searching for an answer to this on several threads and all seem to be left unanswered. Can anyone help?
Yes, I was working with my Concur admin. He did the reset 2x and we walked through the whole process. Got the email, clicked the button, scanned the QR code, SAPConcur added to the authenticator app, tried to log in and same results, code was. I also saw threads about time sync. The phone was the same time as my PC.
Yes I tried that yesterday. I found the issue this morning. I was missing a step right after scanning the QR code which added SAP to my authenticator app and entering the code for the first time in the box below the QR code. I was going straight to trying to use the app code to log in to the website.
I just changed jobs and when i got my new laptop my Evernote worked great for 5 days. Then Friday it started asking me for my google authenticator code, which has not worked in years since I switched phones. Usually there is an option to send a code via text, that is gone. In the midst of trying to figure this out my password no longer works so I cannot login on the web. luckily my phone is still logged in but without the authenticator and password I cannot deactivate 2-step authentication to get access on my laptop. do I hold out for Evernote support or is there another option?
Otherwise, in the Evernote app on your phone go to Settings. Then choose More Settings. This will load your account settings. Choose the three bar 'hamburger' menu and select Security Summary. Login with your password. Then on the two step verification section select Manage Settings. If you are lucky this will enable you to view backup codes or disable two step verification. More likely it will prompt you for a code in which case select the option which is something like I forgot my codes.
Once you have access to your account you will need to either disable 2FA or set up one of the many authenticator apps. Google works but many recommened Authy. You choose whichever you want assuming you want the extra security. Usually it works best to disable 2FA then reenable with your new authenticator.
Thank you for your recommendations agsteele. no I do not remember where I saved the google emergency codes. I went to google authenticator to get new codes and it gave me 10 of them, but they are all only 8 digit, not the 16 digit ones evernote is asking for. I cannot get to the security settings on my phone as it asks for the google authenticator info there as well. Now that I have tried this again, it has logged me out on my phone as well. So I now have no access. it was bound to happen.
Add your credential to the YubiKey with touch or NFC-enabled tap. Hardware-backed strong two-factor authentication raises the bar for security while delivering the convenience of an authenticator app.
Generate your unique credential using QR codes available from the services you wish to protect with 2FA. Secures all the services currently compatible with other Authenticator apps. For example, Azure MFA supports TOTP authentication to secure Office 365.
Start protecting all of your accounts with stronger two-factor authentication. Easily generate new security codes that change periodically to add protection beyond passwords. And your secrets are never shared between services.
The Yubico Authenticator app works across Windows, macOS, Linux, iOS and Android. Get the same set of codes across all Yubico Authenticator apps for desktops as well as for all leading mobile platforms.
Users switch phones often. With other authenticator apps, when a user has a new phone or OS upgrade, IT often needs to help reset the enrollment flow and support calls rack up costs.
The Yubico Authenticator app allows for user self-service to enroll multiple secrets across various services, making this a secure and efficient solution at scale.
I need to have a handful of users connect to GlobalProtect with TOTP as the second authentication factor. Since the number of users are so low, they can either live on our LDAP service (preferred) or as local users. The TOTP is to be verified by existing RADIUS.
Same here minus the RADIUS server. If I avoid using two-factor authentication with GlobalProtect to authenticate to the gateway or portal, it should be possible to use GlobalProtect to notify the user about an authentication policy match (UDP message), a Multi Factor Authentication server profile would be sufficient, yes? Specifically, I would like to know how this would work with Google Authenticator.
For remote user authentication to GlobalProtect portals and gateways, the firewall integrates with MFA vendors using RADIUS and SAML only. As of now, The Google authenticator app is not supported by Palo Alto for multi-factor authentication. Supported MFA vendors are Okta, PingID, RSA token, DUO. Below document explains about the Multi Factor authentication in detail.
=kA10g000000CmSm
-os/8-1/pan-os-admin/authentication/authentication-types/multi-...
Hello
I have in my infrastructure a double authentication factor for global protect users.
For them I used Cisco Duo, the connection and integration is really easy.
With this I can control the double factor through an external RAdius server.
+ Validate that Users are members of the Global-Protect-VPN-Group in LDAP, fail authentication otherwise - without hardcoding the LDAP group check in the RADIUS configuration [not yet researched. Workaround: Hardcode in the RADIUS config file]
+ How do I manage to run the RADIUS-Service as HA (google-authenticator uses one file per user that contains state, i.e. they are written to with each attempted access). No DB support. [Untested solution idea]
+ How do I implement this with EAP-GTC on freeradius/PA? [current implementation is using PAP and as PA does not support RADSEC, I need something that satisfies BSI (Germany) security requirements - which classical RADIUS PAP security doesn't.]
When testing, it may be helpful to use theDummyAuthenticator. This allows for any username andpassword unless a global password has been set. Once set, any username willstill be accepted but the correct password will need to be provided.
Since the Authenticator and Spawner both use the same username,sometimes you want to transform the name coming from the authentication service(e.g. turning email addresses into local system usernames) before adding them to the Hub service.Authenticators can define normalize_username, which takes a username.The default normalization is to cast names to lowercase
When using PAMAuthenticator, you can setc.PAMAuthenticator.pam_normalize_username = True, which willnormalize usernames using PAM (basically round-tripping them: usernameto uid to username), which is useful in case you use some externalservice that allows multiple usernames mapping to the same user (suchas ActiveDirectory, yes, this really happens). Whenpam_normalize_username is on, usernames are not normalized tolowercase.
In most cases, there is a very limited set of acceptable usernames.Authenticators can define validate_username(username),which should return True for a valid username and False for an invalid one.The primary effect this has is improving error messages during user creation.
Because the username is passed from the Authenticator to the Spawner,a custom Authenticator and Spawner are often used together.For example, the Authenticator methods, Authenticator.pre_spawn_start()and Authenticator.post_spawn_stop(), are hooks that can be used to doauth-related startup (e.g. opening PAM sessions) and cleanup(e.g. closing PAM sessions).