Hello and thanks for reading the "how-to" in order to setup your account for Two-Step Verification.
Why is this important? Two-Step Verification, also known as two-factor authentication, requires you to provide two pieces of information to login. The general form is expressed as "something you know and something you have". "Something you know" is your password. "Something you have" is the new part. You may have seen this with other services, such as Google accounts.
Two-step verification is something a user has to opt into sometime after they have registered. Enabling it increases security at the expense of a more complex login procedure.
When you've enabled two-step verification, you will login with your username or email and password as normal. Once those are verified, we will determine if two step verification is needed. If so, you'll need to take the appropriate steps to complete that. Upon receiving that verification, you'll be logged in as normal.
Let's look at how each step works in more detail - first choose the option from your profile.
Next, after being prompted to login again, you'll want to enable which way you would like to authenticate.
I prefer an app, as it's most secure, but you can choose e-mail if you'd like.
If you choose the app, the next thing you should do is to scan the QR code with your phone.
- Verification code via app - this will use an app on your phone (such as Google Authenticator or Authy) to generate a 6 digit code. This code changes every 30 seconds. (Download here for Android or Download here for Apple)
- Email confirmation - this will send a unique, one-time-use code to the email address associated with your account. This method is not preferred over the app-based verification because if an attacker has access to your account, they may also have access to your email. However, it's certainly better than nothing.
And finally, upon completion, you should see this screen.
At the next time I login, I would also boot up my app to get the unique code to login to HDN.