How To Guides
Two-Factor Authentication
2. YubiKey Setup and Configuration
3. WebAuthn Setup and Configuration
4. TOTP (Google Authenticator) Setup and Configuration
Overview
Miva has for a number of years supported Two-Factor Authentication via TOTP (Time-based One Time Password) for all admin users. This method uses popular apps such as Google Authenticator or Authy to give you a second factor (a 6 digit number) which is required when logging into the Miva admin.
Miva 9.10 introduces 2 new hardware based methods for Two-Factor Authentication
- YubiCloud + Yubico OTP
- WebAuthn / U2F
Both of these methods leverage hardware based encryption via specialized USB keys. You can learn more about the WebAuthn standard here. and the Yubikey here.
Both of these standards provide a seamless and convenient way to add a second factor to your Miva admin login.
YubiKey Setup and Configuration
Requirements: To use YubiKey as a Two-Factor mechanism you must purchase a specialized USB YubiKey which come pre-configured to connect to the YubiCloud
https://www.yubico.com/store/. Miva is part of YubiCo's "Works With YubiKey" Program
Steps to setup in Miva
- Edit User and Select Manage Two-Factor Authentication
- Choose YubiCloud + Yubico OTP from the Drop down
- Hit Next and when prompted enter your YubiKey and press the button on the Key to authenticate.
WebAuthn Setup and Configuration
Requirements: To use WebAuthn, you must purchase a USB Key which supports the WebAuthn / U2F Protocol. Yubikeys by default support WebAuthn so purchasing a YubiKey will allow you to use either protocol. The 5.32 engine is also required. Currently Webauthn is limited to the latest versions of Chrome and Firefox. The Google Titan Key supports this protocol and can be purchased here: Google Titan Key
Steps to setup in Miva
- Edit User and Select Manage Two-Factor Authentication
- Choose WebAuthn/U2F from the Drop down
- Hit Next and when prompted enter your WebAuthn supported device and press the button on the Key to authenticate. Your browser will also give you a popup which you need to approve.
Important: WebAuthn / U2F is a new standard and is currently only supported in the latest versions of Chrome and Firefox.
TOTP (Google Authenticator) Setup and Configuration
Time-based One Time Password or TOTP is the most popular method of Two-Factor Authentication. This involves using an app such as Google Authenticator to generate a unique 6 digit password each time you login.
Requirements: To use TOTP you'll need an app such as Google Authenticator or Authy to handle to TOTP flow. While there are browser-based plugins, and desktop operating system programs, for storing TOTP keys and generating the TOTP codes, we advise against using those as a compromise of the computer where the key is stored would permit unauthorized access.
Steps to setup in Miva
- Edit User and Select Manage Two-Factor Authentication
- Choose Time-Based One-Time Password from the Drop down
- On the next screen, scan the QR code or enter in the text string below the QR code into your Google Authenticator (or similar) app. Once done, enter in the 6 digit code generated from the App into Miva and click enable.
Backup Codes
All three Two-Factor methods now support the generation of backup codes. These codes are presented to download at the time Two-Factor is enabled for each user. They consist of 10 1-time codes which will allow you to bypass the Two-Factor mechanism should your USB key get lost or stolen or you Google Authenticator App deleted.
Using a backup code
To use a backup code, click the “Use Backup Token” link below the Two-Factor screen during the login process. Here you can enter in your one time use code:
Each backup token is one time use so once it has been used it can never be used again.
Note: There is no way to bulk generate backup codes. If you need more than the initial 10, you would need to disable Two-Factor for that user and then re-enable it which would generate you a new set of 10 codes.