Before you begin
Multi-factor authentication (also known as MFA) is an enhanced security feature where a user is only granted access after verifying their identity using more than one method (for example, by providing both a password and a PIN code).
To configure and use MFA, you will need to use a third-party authentication service such as Google Authenticator or Authy. The third-party authenticator must be installed on a device with a camera (such as a smartphone or tablet device). For this article, we have used Google Authenticator as an example.
Note that you will need access to the third-party authenticator service each time you log in to Gentu.
- While logged in to Gentu, select your username in the top right-hand corner.
- Select Account Settings.
- Under the Multi-Factor Authentication heading, press Setup Authentication.
- A new window will appear, showing a secure QR code.
- Launch the authenticator application on your device.
- Select the option to add a new account.
- Use the device’s camera to capture the QR code, as prompted.
- Your Gentu account will be added to the authenticator device:
- Type the authentication code into the Gentu MFA setup window and press Enable.
Gentu will then present you with a list of backup codes.
Backup codes can be used to log in to Gentu in place of an authentication code, if your authenticator device is lost or inaccessible.
It is imperative that you print or note down the backup codes external to your authenticator device.
Backup codes are single-use, and they are specific to your Gentu username.
Once you close out of this window, Gentu will confirm that MFA is successfully configured for your account.
When you next log in to Gentu, after entering your usual login credentials, tick the Use a multi-factor authentication token checkbox.
Launch the authenticator on your device, which will generate a secure login code.
Type the secure login code into the field shown, then press Log In.
You can disable MFA at any time by navigating to Account Settings, and pressing the Disable button under the Multi-Factor Authentication heading.
I need to change my authenticator device. How can I do this?
Essentially you will need to disable MFA entirely, then re-enable it using the new device. Log in to Gentu as normal (using a backup code if your original authenticator device is not accessible). Click on your name in the top right-hand corner, then select Account Settings. Under the Multi-Factor Authentication heading, press the Disable button. To re-enable MFA, refer to the instructions under the Configuring MFA heading above.
I've lost my authenticator device and cannot log in to Gentu. What do I do?
In this case, you will need to use one of your backup authentication codes to log in to Gentu. Once you have logged in, you should immediately disable MFA via Settings > Multi Factor Authentication.
If it should ever occur that your authenticator device is lost or inaccessible, and you do not have access to your backup codes, please contact Gentu Support as a matter of urgency on email@example.com.
I have to make several attempts to log in, even though I don't change my password or MFA code. What's going on?
The authenticator application installed on your device uses an encryption key (the QR code you scanned) in conjunction with the time to generate a unique passcode every thirty (30) seconds. Independent from your device, the Gentu server uses the same encryption key and its internal clock to generate the same code. When you enter the passcode, Gentu compares them before allowing you to proceed.
If the clock on your device is set faster or slower than the Gentu server, then your MFA passcode will be generated before Gentu thinks it is valid; if the difference is great enough then you may find that you receive an error on your first and even second attempt to log in.
If possible, you should always set up the device on which your authenticator application is installed so that its internal clock synchronises with the internet. This will ensure that it doesn't become faster or slower than the Gentu server over time.