What is MFA?
When you sign into your online accounts - a process we call "authentication" - you're proving to the service that you are who you say you are. Traditionally that's been done with a username and a password. Unfortunately, that's not a great way to do it: usernames are often easy to identify (an email address, for example), and many people pick simple passwords or use the same one at many different sites.
That's why online services such as banks, social media, shopping and quite often your business have added a way for your accounts to be more secure. You may hear it called "Two-Step Verification", "Two-factor Authentication" or "Multifactor Authentication", but they all work the same way. When you sign into the account on a new device or app you need more than just the username and password. You need a second thing - what we call a second "factor" - to prove who you are.
For example, a password is one kind of factor: it's a thing you know. The common kinds of factors are:
- Something you know - Like a password, or a PIN
- Something you have - Like a smartphone
- Something you are - Like a fingerprint, or facial recognition
How does it work?
If you were to log into your Reward Gateway account with only an email and password, anyone with that information could access some sensitive information!
With Multifactor Authentication this becomes a lot more tricky as once that password is entered we’ll prompt you for another code (that secret second factor) to make sure it’s you logging in.
At Reward Gateway we follow a standard Time-based One-Time Password (TOTP) protocol (RFC 6238). There are various apps that support this standard, such as Authy, Google Authenticator and Microsoft Authenticator. We recommend the use of Authy to do this. You open the app on your smartphone or desktop, it shows you a unique, dynamically created string of numbers that you type into Reward Manager and you're in!
Now imagine that someone has your password and they get to this stage. They’d need access to your phone or computer in order to log in.
MFA on a desktop
First you’ll need to download the Authy desktop app, which you can find at authy.com.
Click the download button in the top right of the page and scroll down to desktop. Once here you’ll have the option to pick which computer you want to download for.
If you are on a Windows machine and are unsure if it is 32-bit or 64-bit, search your computer for the Control Panel. In the Control Panel, click System and Security, then click System. The system type will be detailed on that page.
Once the download is complete, open the application and install.
When you open Authy for the first time, you’ll need to select a country code and enter your mobile number.
You’ll then need to enter an email address which can be used if you ever lose access to your Authy account.
You can then choose whether you’d like to verify this number via SMS, phone call or WhatsApp message. Enter the code received to complete the setup with the desktop app.
You can now click on the ‘+’ icon to add a new account on Authy which will be your dedicated Reward Manager authenticator.
At the same time, in the top right of your RG platform website, go to Account > Account Settings > Security Centre > Multi-factor authentication > ‘Setup’.
As Authy currently does not support QR code scanning, click on ‘Enter the secret key manually’ under the QR code. Copy and paste the key into the Authy app and click ‘Add Account’.
Next, name your account, select a custom logo and the desired token length, and Save.
Authy will then send the verification code to the mobile number provided.
Enter this code into the ‘Code’ field on the 2FA setup page and Save.
Once you receive the confirmation message below, your 2FA is set up. Each time you log into your Reward Manager account, Authy will automatically generate a code for you to enter and verify your identity.