Multi-Factor Authentication (MFA)

Before you begin

Multi-factor authentication (also known as MFA) is an enhanced security feature where a user must verify their identity using more than one method (for example, by providing both a password and a PIN code).

• To configure and use MFA, you must use a third-party authenticator app such as Google Authenticator.
• We recommend that the authenticator app be installed on a device with a camera (such as a smartphone or tablet device). In general, most people will use their smartphone for this purpose.
• Please note that you will need to have access to the third-party authenticator service each time you log in to Gentu.

Configure MFA

1. While logged in to Gentu, select your username in the top right-hand corner.
2. Select Account Settings.
   
   
3. Under the Multi-Factor Authentication heading, press Setup Authentication.
   
    
   
   
4. A new window will appear, showing a secure QR code.
   
   
   
   
5. Launch the authenticator application on your device.
6. Select the option to add a new account.
7. Use the device’s camera to capture the QR code, as prompted.
8. Your Gentu account will be added to the authenticator device:
   
   
   
   
9. Type the authentication code into the Gentu MFA setup window and press Enable.

Gentu will then present you with a list of backup codes.

Backup codes can be used to log in to Gentu in place of an authentication code, if your authenticator device is lost or inaccessible.

It is very important that you print, write down, or otherwise save the backup codes external to your authenticator device. 

If your device is lost, stolen, or inaccessible, you will need to use one of these saved backup codes to log in to Gentu.

Backup codes are single-use, and they are specific to your Gentu username.

Once you close out of this window, Gentu will confirm that MFA is successfully configured for your account.

Logging in with MFA

When you next log in to Gentu, after entering your usual login credentials, tick the Use a multi-factor authentication token checkbox.

Launch the authenticator on your device, which will generate a secure login code.

Type the secure login code into the field shown, then press Log In.

Disable MFA

You can disable MFA at any time by navigating to Account Settings, and pressing the Disable button under the Multi-Factor Authentication heading.

FAQ

> I need to change my authenticator device. How can I do this?

Essentially you will need to disable MFA entirely, then re-enable it using the new device. Please refer to the instructions above.

> I've lost my authenticator device and cannot log in to Gentu. What do I do?

In this case, you will need to use one of your backup authentication codes to log in to Gentu.

Once you have logged in, you should immediately disable MFA via Settings > Multi Factor Authentication.

If your authenticator device is lost or inaccessible and you do not have access to your backup codes, please contact Gentu Support on gentu@geniesolutions.com.au.

> I have to make several attempts to log in, even though I don't change my password or MFA code. What's going on?

The authenticator application installed on your device uses an encryption key (the QR code you scanned) in conjunction with the time to generate a unique passcode every thirty (30) seconds. Independent from your device, the Gentu server uses the same encryption key and its internal clock to generate the same code. When you enter the passcode, Gentu compares them before allowing you to proceed. 

If the clock on your device is set faster or slower than the Gentu server, then your MFA passcode will be generated before Gentu thinks it is valid; if the difference is great enough then you may find that you receive an error on your first and even second attempt to log in.

If possible, you should always set up the device on which your authenticator application is installed so that its internal clock synchronises with the internet. This will ensure that it doesn't become faster or slower than the Gentu server over time.