Two-Factor Authentication is an extra layer of security that the Miva admin uses to make sure that the people trying to gain access to an online account are who they say they are.
The Miva admin supports Two-Factor Authentication via TOTP (Time-based, One-Time Password) for all users. There are various methods for accomplishing this, including a YubiKey + Yubico OTP, WebAuthn/U2F, and TOTP via Google Authenticator. All of these methods provide a convenient way to add a second factor to your Miva login.
To use a YubiKey as a two-factor authentication method, you must purchase a specialized USB YubiKey which comes pre-configured to connect to the YubiCloud. Miva is part of Yubico’s Works With YubiKey program.
To purchase a YubiKey, check out the Yubico store.
To set up a YubiKey, select the user in the batch list and click the more icon, and then click Two-Factor Authentication in the dropdown menu.
Then, choose YubiCloud + Yubico OTP from the dropdown.
Click Next, and then follow the on-screen instructions to insert your YubiKey into your computer, and then authenticate.
When finished, click Enable.
To use WebAuthn, you must purchase a USB key which supports the WebAuthn/U2F protocol. YubiKeys, by default, support WebAuthn, so purchasing a YubiKey allows you to use either protocol. The Google Titan Key also supports this protocol and is also available for purchase.
To set up WebAuthn in Miva, select the user from the batch list and click to Edit. Then select Manage Two-Factor Authentication.
Then choose WebAuthn/U2F from the dropdown.
Click Next, and then follow the on-screen instructions to insert your WebAuthn-supported device and press the button on the device to authenticate. Your browser will also give you a popup that you must approve.
Time-based, One-Time Password, or TOTP, is the most popular method of Two-Factor Authentication. This involves using an app, like Google Authenticator, to generate a unique, six-digit password each time you log in.
To use TOTP you’ll need an app, like Google Authenticator or Authy, to handle the TOTP flow.
While there are browser-based plugins and desktop operating system programs for storing TOTP keys and generating TOTP codes, Miva discourages their use because a compromise of the computer where the key is stored could permit unauthorized access.
To set up TOTP in Miva, select the user from the batch list and click to Edit. Then select Manage Two-Factor Authentication. Then select Time-Based One-Time Password from the dropdown.
On the next screen, scan the QR code, or enter the text string below that code into your chosen app. Once done, enter the six-digit code generated by the app into Miva and click Enable.
All three two-factor methods now support the generation of backup codes. These codes are presented to download at the time two-factor is enabled for each user. They consist of 10 one-time codes which will allow you to bypass the two-factor mechanism should the USB key be lost or the authentication app deleted.
To use a backup code, click the “Use Backup Token” link below the two-factor screen during the login process. When prompted, enter the one-time use code.
Each backup code is for one-time use, so once it has been used it can never be used again. In addition, there is no way to bulk generate backup codes. If you need more than the initial 10, you would need to disable two-factor for that user, and then re-enable it, which would generate a new set of 10 codes.