Two-factor authentication is available as of release 1.52 and must be enabled in your account before you can access it.
What is two-factor authentication?
Two-factor authentication (2FA) is an optional but highly recommended extra layer of security that requires you to have access to your phone or mobile device when logging in to Domino. This means even if your password is compromised, only you have access to your account.
Here's how it works:
- When you log into Domino, you'll be asked to enter a six-digit authentication code in addition to your password.
- You'll receive the authentication code from a secure app on your mobile device
- Enter that code in Domino to log-in
How do I set up two-factor authentication for my account?
(If you are a Domino Administrator and you'd like to enable two-factor authentication for your users, see the Admin help article.)
0. Before you can set up 2FA on your account, you'll need to download and install a Time-based One-Time Password (TOTP) app on your mobile device to generate time-sensitive authentication codes. Domino 2FA can be used with most TOTP applications. We recommend using Google Authenticator for both iOS (App Store) and Android (Google Play).
Once you've installed a TOTP app, you're ready to enable two-factor authentication on Domino.
Note: If an Administrator has required the use of 2FA for your account, you'll immediately be directed to Step 4 upon log in.
1. In the upper-right corner of any page, click your username, then click "Account Settings"
2. In the sidebar, click "Two-Factor Authentication"
Note: If this option isn't in your sidebar, contact your Administrator to enable this feature.
3. Under Two-Factor Authentication, click "Set up an authenticator app"
4. On the Enable Two-factor authentication page, scan the QR code with your TOTP mobile app to configure your app.
If you can't use the QR code, click "enter this text code" to view a secret key that you can manually enter into your app. Remember to select "time-based" in your app when utilizing the manual key entry.
5. Once your TOTP app is configured, it will generate a new authentication code every 30 seconds. On Domino, enter one of these codes and click Submit.
That's it! From now on, when you log into Domino, just open your app and enter the authentication code along with your password.
For additional security, after 6 consecutive failed authentication attempts your account will have to be unlocked by an administrator.
What if I lose access to my device or TOTP app?
After enabling two factor authentication, you'll receive 10 9-digit recovery codes. Your recovery codes will allow you to get back into your account if you lose access to your phone or delete your authentication app.
Save these recovery codes in a safe place. You can find them again, or reset them, by going to Account > Two-Factor Authentication > View Recovery Codes.
You can use any of these codes to log in to your account, but you can only use each code once.
What if I lose my recovery codes?
If you don't have access to your recovery codes, an Admin can manually disable 2FA for your account.
Why can’t I get my authentication code through SMS?
The National Institute of Standard and Technology (NIST) discourages the use of SMS or voice based 2FA. For details, see section 18.104.22.168 of their report here.
For more info how how Domino thinks about security and other features we offer, check out these additional resources: