# Set up 2FA in Eliona

## What is TOTP?

**TOTP** stands for *Time-based One-Time Password*. It is a time-limited one-time password that is regenerated every 30 seconds. Authentication takes place via an app on your smartphone (e.g. *Google Authenticator*, *Authy*) and ensures that only you have access to your user account — even if someone knows your password.

### **Benefits of TOTP/2FA:**

* Greater security for sensitive project data
* Protection against unauthorized access
* One-time passwords also work offline

## Enable two-factor authentication (TOTP)

<div data-full-width="false"><figure><img src="https://content.gitbook.com/content/Nyvwhz1kEMXcHf4HLuZ8/blobs/qMCSrkGq0BvL0cCW4Sew/2FA.png" alt=""><figcaption></figcaption></figure></div>

**Here's how to start setup:**

1. Click the user profile at the top right \[A]
2. Click the gear icon in the dropdown menu \[B]
3. In the *Profile* section, activate the switch \[C]\
   ▷ The setup of TOTP-based two-factor authentication begins

### Turn on OTP/2FA

<figure><img src="https://content.gitbook.com/content/Nyvwhz1kEMXcHf4HLuZ8/blobs/OTmwMrJ7cZdegmPTDjGr/2FA.png" alt="" width="375"><figcaption></figcaption></figure>

After clicking the switch to enable two-factor authentication, the configuration window opens.

**1. Connect authenticator app**

* Scan the **QR code** with an OTP-compatible app (e.g. *Google Authenticator* or *Authy*)
* Alternatively: Copy the displayed **setup code** and enter it manually into your app

**2. Confirm OTP code**

* Enter a **currently generated code** from your authenticator app in the *OTP code* field
* You have **120 seconds** to complete this step
* Click on **Continue** to proceed

{% hint style="info" %}
If time has expired, restart the process by reactivating OTP/2FA.
{% endhint %}

### Save recovery codes

<figure><img src="https://content.gitbook.com/content/Nyvwhz1kEMXcHf4HLuZ8/blobs/pjiE0hSLP7nlOr23RtLC/2FA.png" alt="" width="375"><figcaption></figcaption></figure>

After successfully enabling two-factor authentication, ten recovery codes will be displayed once.

These codes serve as a backup in case you lose access to your authentication app.

* Each code can **only be used once**
* The codes allow you to log in or reset your 2FA
* Store the codes safely in a secure place

To continue, you must confirm that you have saved the codes.\
To do this, activate the checkbox and click **Confirm**.

If you lose the codes, access to your account can only be restored by an administrator.

***

## Login with OTP code

<figure><img src="https://content.gitbook.com/content/Nyvwhz1kEMXcHf4HLuZ8/blobs/5H2iWdrDUgJtfm4qEH9A/2FA.png" alt="" width="375"><figcaption></figcaption></figure>

When OTP/2FA is enabled, you must authenticate during login with a one-time password (OTP) from your authenticator app.

* Open your authenticator app and enter the current 6-digit code
* You have 60 seconds to enter the code
* Click on **Verify** to complete the login

If you do not have access to the app, you can use one of your **recovery codes**.\
If the code is invalid or time has expired, restart the login process.

**Problems logging in?**

* Make sure the time and time zone on your device are set correctly
* If needed, use one of your saved recovery codes
* If access is still not possible, contact your project administration

***

## Disable OTP/2FA

<div align="left"><figure><img src="https://content.gitbook.com/content/Nyvwhz1kEMXcHf4HLuZ8/blobs/syl5SoWSUPJ1nUHTF9ak/2FA.png" alt="" width="375"><figcaption></figcaption></figure></div>

1. Go back to your profile
2. Disable the switch **OTP/2FA**
3. To confirm:
   * Enter a valid OTP code
4. Click on **"Confirm and Disable"**\
   ▷ Two-factor authentication will be removed
