What is 2FA & TOTP?
Keeping up with security standards, Telnyx has implemented a new security process with either 2FA or TOTP for your Mission Control Portal.
Two-factor authentication, often abbreviated as 2FA, is a security process in which users provide two different authentication factors to verify their identity. This is done to enhance the security of the user's account and information.
The primary goal of two-factor authentication is to create a layered defense to prevent unauthorized access to an account. Even if an attacker manages to gain access to one factor, it is very difficult to obtain the second one, thereby decreasing the likelihood of a successful breach.
TOTP stands for Time-Based One-Time Password. It is a common method of two-factor authentication that generates a unique temporary passcode from a shared secret key and the current time.
In a typical TOTP system, both the server and the client (for instance, an authentication app on a smartphone) share a secret key. To generate the one-time password, they both combine this secret key with the current time (in practice, the number of seconds since a certain date, divided by a specific interval, like 30 seconds).
The result is a short number, often six digits, which the user can type into the system after their main password. Because the server and client both have the secret key and know the current time, they should both generate the same number.
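The derivation described above, as an added example (not Telnyx's code): it follows the standard TOTP definition in RFC 6238, where the secret and time step are combined with HMAC-SHA1 and truncated as in RFC 4226, details this article does not spell out. The `verify` helper, its one-step drift window and the `last_used_counter` replay check are assumptions about a typical server, not a description of how Mission Control validates codes.

```python
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds per time step (the "specific interval" in the text)
DIGITS = 6   # length of the code the user types


def totp(secret: bytes, unix_time: float, step: int = STEP, digits: int = DIGITS) -> str:
    """Return the one-time code for the time step that contains unix_time."""
    counter = int(unix_time) // step                   # seconds since epoch / interval
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                            # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret, submitted, unix_time, last_used_counter=-1, drift_steps=1):
    """Server-side check: return the matched time step, or None on failure.

    Codes from +/- drift_steps are accepted to tolerate clock skew between
    phone and server. Steps at or before last_used_counter are skipped so a
    code that was already accepted cannot be replayed inside its window.
    """
    now = int(unix_time) // STEP
    matched = None
    for counter in range(now - drift_steps, now + drift_steps + 1):
        if counter <= last_used_counter:               # also skips negative steps
            continue
        candidate = totp(secret, counter * STEP)
        # Constant-time comparison; no early exit, so timing does not leak the step.
        if hmac.compare_digest(candidate.encode(), submitted.encode()):
            matched = counter
    return matched


if __name__ == "__main__":
    demo_secret = b"constructed-demo-secret"           # constructed sample, not a real key
    print("current code:", totp(demo_secret, time.time()))
```

A caller would store the returned step as the account's new `last_used_counter` after a successful login.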
How can I configure 2FA or TOTP?
If you are an existing customer, you can enable 2FA with SMS/Call or TOTP with an authenticator app in the Account section of the Mission Control Portal under the security header.
When you enable the toggle for Two-Factor Authentication, you can choose 2FA SMS/Call or TOTP as your options.
When you choose 2FA SMS/Call
You will be prompted to enter a phone number at which you can receive an SMS message or call.
Click the SMS or Call buttons to trigger a code to be sent to your device.
Once you receive the code, enter it into the field for 2FA to be enabled on your account.
When you choose TOTP
Set up your TOTP authentication application by scanning the QR code shown in your account settings.
Once scanned, you will see a temporary authentication code in your TOTP authentication app.
Enter the code underneath the QR code to activate TOTP on your Mission Control account.
To set up your Google Authenticator app, simply scan the QR code shown in the Mission Control Portal and enter the temporary code that shows up on your mobile device.
That's it, now TOTP has been enabled on your Mission Control Portal. Upon signing in, you can enter the temporary code that shows in your Google Authenticator app when prompted to do so.
2FA significantly decreases the risk of fraud, phishing, and data breaches, because even if an attacker obtains a user's password, they won't be able to access the account without the second factor.
Telnyx has sent email communication to our customers on 1st August 2023 informing you of the recommendation to enable 2FA on your account for future access.
From the 7th August 2023, new customers who sign up to our platform, or existing customers who have not yet logged back into their account and do not have 2FA enabled, will be asked to enable it the next time they log in.
2FA is not part of the signup flow. So for new customers, after signing up, 2FA is prompted only when you next log in. You can skip this and set up 2FA at a later stage from your account's general settings.
Once 2FA is enabled successfully, you will be able to log in by entering the verification code your device received or your authenticator app displays.
However, you will have an option to save single-use backup codes should you lose access to your 2FA-related device.
Please save and secure these backup codes as they cannot be recovered once the screen is closed.
2FA can't be disabled once enabled, but you can change the authentication type between SMS/Call and TOTP.
2FA applies only to accounts that use email+password or OAuth logins.
SSO/SAML login does not require 2FA to be enabled.
Backup codes are only displayed once and can only be used once, so make sure you put them in a safe place.
Customers will never be blocked from making direct API requests no matter their 2FA status.
If you have not received a call or text with your 2FA code
Or do not have a backup code
Or if you lose access to your authenticator application
Or if you have lost access to your device where 2FA was enabled and need to have 2FA reset
Or if you receive the error "You have exceeded the maximum number of allowed requests." This means that you have attempted too many 2FA requests within a 24-hour period.
Please reach out to the Telnyx support team for further assistance via email@example.com.