Two-factor authentication (2FA), sometimes referred to as two-step verification or dual-factor authentication, is a security process in which users provide two different authentication factors to verify themselves. This process helps to protect better both the user's credentials and the user’s resources.
For MyAFRINIC portal users, the two authentication factors are:
- The account password
- A one-time six-digit security code.
The code is generated by a third-party Time-based One-Time Password (TOTP) authenticator, defined as an open standard in RFC6238. Any application that supports TOTP can be used for two-factor authentication.
2FA implementation for the MyAFRINIC portal is an optional but highly recommended security feature, as it adds a layer of security to the authentication process. If enabled, you will be required to enter your password and the six-digit security code; generated by a TOTP authenticator on a device you control, typically a smartphone; whenever you sign in.
Prerequisite for two-factor authentication.
You must first install a TOTP application on your smartphone or tablet before enabling two-factor authentication in MyAFRINIC. Some examples are:
- Google Authenticator (Android, iOS, BlackBerry)
- Microsoft Authenticator (Android, iOS)
- Authy (iOS, Android, BlackBerry)
- FreeOTP (Android)
- HDE OTP Generator (iOS)
You may choose your own authenticator of choice other than the ones listed above.
How do I enable Two-Factor Authentication?
Enabling 2FA is a straightforward procedure; the following steps should get it enabled:
- Log into Myafrinic Account
- Click on “My Account”, then select Security
- Select the "2-Factor Authentication" button.
- Select setup. When setting up the authenticator app, you can either:
- Scan the QR-code displayed, or
- Enter the “Secret Key” manually.
- Use the six-digit from the app to conclude the setup.
- If your six-digit security code does not match, please check that your phone has an automatic time zone setting selected.
- A demo guide can be found here.
What’s Next after Enabling 2FA
Once 2FA is enabled, you will be required to supply both authentication factors every time you log in and access information from Myafrinic. You will be required to enter your NIC-HDL and password first, and then you will be asked to "enter the security code generated by your authenticator app".
In most cases, just launching the authenticator app will generate a new code. You should enter this code to gain access to your account. In most authenticator apps, the auto-generated code is valid for 30 seconds only. You should use the code within that time; otherwise, it will expire, and a new code will be generated. You may refer to your authenticator app's documentation for specific instructions.
What if I can't generate the six-digit code?
If you find yourself in a situation where you cannot access the authenticator app, you will need to use a backup security code to sign in to the Myafrinic portal. The backup code is a 10-character one-time code you can use in place of the OTP code to access your account.
When you have enabled the 2FA authentication, you will find the “Generate Backup Codes” button under the 2-Factor Authentication section. The backup codes will be generated when the button is clicked, and the system will give you 5 one-time use backup codes. Write these down or print out, and store them in a safe place. Each Backup Code can only be used once; however, you can generate a new set of codes at any time.
If you are locked out of your account and do not have the backup security code, please contact us.
What if I don't have or want to use a smartphone?
A smartphone with an authenticator app makes it very easy to use 2FA, but in principle, you can use any application capable of generating Time-based One-Time Passwords. For example, the OATH Toolkit allows you to generate security codes from the command line. The man page will give you details on how to use the application. The other option could be the OTP Manager, another simple application for managing One Time Password (OTP) tokens.
Can I disable 2-factor authentication after enabling it?
Yes. 2FA is optional but a highly recommended security feature. You can disable the functionality by navigating to the Security page of your “My Account” section, clicking the button "Disable” button".
On 24 June 2021 during the scheduled maintenance to add the 2FA feature on MyAFRINIC, the change was rolled back as we encountered some issues. We provided the report on our status page at https://status.afrinic.net/#notice-121229
We are now expecting the deployment in the second week of July.