Authentication: Difference between revisions

From xat wiki
No edit summary
No edit summary
(40 intermediate revisions by 13 users not shown)
Line 3: Line 3:
<translate>
<translate>


<!--T:1-->
If you have an iOS, Android, Windows phone or Blackberry device, you can turn on Google Authenticator to add an extra layer of security to your account. This will make it a lot harder for unauthorized users to gain access to your account.
<!--T:3-->
You should not rely on Google Authenticator if you do not have a strong password. Visit [[<tvar|1>Special:MyLanguage/Phishing</>|Phishing]] for more information.
<!--T:23-->
'''Never''' share your token code with a friend or anybody else. xat staff or [[<tvar|1>Special:MyLanguage/Volunteers</>|volunteers]] will never ask you to turn off Authentication. If anyone asks you to turn off Authentication, they are trying to access your account and steal your xats, days, and/or powers.


<!--T:1-->
<!--T:24-->
If you have an iOS, Android, Windows phone or Blackberry device you can turn on Google Authenticator.This will make it a lot harder for unauthorized users to gain access to your account.
'''SAVE YOUR BARCODE IMAGE''' so you can scan it later if you lose your code.
 
==How to enable or disable Google Authenticator== <!--T:27-->
</translate>
[[File:Auth_security_setting.png|thumb|<translate><!--T:25--> Account security options.</translate>]]
<translate>
===Enabling=== <!--T:31-->


<!--T:2-->
<!--T:28-->
'''IMPORTANT:''' xat staff or [[volunteers]] will never ask you to turn off Google Authenticator. If anyone asks you to turn off Google Authenticator they are trying to access your account and steal your xats/days/powers.
To enable authentication, go to the [<tvar|1>https://xat.com/login</> login page], and login successfully. Click the third drop down menu and turn authentication to "ON (authenticated)". Enabling this will now lead you to a page with a QR code. You can scan the barcode by pressing the "Scan a barcode" option using the Google Authenticator app or browser extensions located below. You should receive a 6 digit code that you can then enter into the “Enter authenticator code” section on the xat login. The authenticator application generates a new 6 digit token code every 30 seconds. Ensure that you tick *Check to save token on this PC for 30 days.* If this is not ticked, it will ask for a new authentication code every time you login to your xat account.
</translate>
[[File:Auth_QR_code.png|thumb|<translate><!--T:29--> Example of QR code.</translate>]]
<translate>
<!--T:26-->
'''IMPORTANT:''' When you enable Google Authenticator, it is recommended for you to print the page with the code given. This will help you add it again in case you lose your authenticator code.


<!--T:3-->
===Disabling=== <!--T:32-->
You shouldn't rely 100% on Google Authenticator. You still need to protect your passwords, see: [[Phishing]]


'''IMPORTANT: Never ever share your token code with a friend or anybody else'''
<!--T:30-->
==Instructions on how to enable/disable Google Authenticator== <!--T:4-->
To disable authentication, go to [<tvar|1>https://xat.com/web_gear/chat/register.php</> xat's login page] and login successfully. Select the last drop-down menu and set it to "OFF (not authenticated)". This will also disable [[<tvar|2>Special:MyLanguage/tickle</>|tickle]] power.
Login [http://xat.com/login here], then login to your account and select the drop downlist and enable google authenticator.


'''IMPORTANT: When you enable google authenticator, you should also print out the page with the code given. This will help you add it to a new phone if necessary.
==Frequently Asked Questions== <!--T:5-->
==Frequently Asked Questions== <!--T:5-->
'''Q. I get an error
'''Q. I get a clock error.
*A. Please check the clock on your device.  
*A. Please check the clock on your device and ensure that your time is set correctly. If the problem still occurs re-scan the bar code or re-enter the time-based code.
'''Q. Incorrect authenticator code.
'''Q. Incorrect authenticator code.
*A. Make sure the time on your phone is set correctly and enter the token then displayed on your phone.
*A. Make sure the time on your phone is set correctly and enter the token then displayed on your phone.
'''Q. What happens if I lose my phone or don't have access to enter the Token code?
'''Q. What happens if I lose my phone or don't have access to enter the Token code?
*A. Make a ticket at [http://xat.com/ticket http://xat.com/ticket] Under "Lost Auth" and request that you want your Token code reset.
*A. Make a ticket at [<tvar|1>https://xat.com/ticket</> http://xat.com/ticket] Under "Lost Auth" and request that you want your Token code reset.
'''Q. I get "Login requires authenticator code."
'''Q. I get "Login requires authenticator code."
*A. Check your device and enter the authenticator code given inside of the application.
*A. Check your device and enter the authenticator code given inside of the application.
'''Q. If I switch phones, how will I get this to work on my new one?
'''Q. If I switch phones, how will I get this to work on my new one?
*A. If you change phones, you need to use the page you printed out and add the account QR code/time based code to the application again. You can also turn off authenticator and turn it back on and use the new code.
*A. If you change phones, you need to use the page you printed out and add the account QR code/time-based code to the application again. You can also turn off authenticator and turn it back on and use the new code.
 
<!--T:15-->
'''Q. My Google Authenticator codes aren't working.'''
 
<!--T:16-->
*A. This might be because the time on your Google Authenticator app is not synced correctly.
 
<!--T:17-->
:*To make sure that you have the correct time:
 
<!--T:33-->
On Android:
 
<!--T:18-->
::*1. Go to the main menu on the Google Authenticator app
 
<!--T:19-->
::*2. Click '''Settings'''
 
<!--T:20-->
::*3. Click '''Time correction for codes'''
 
<!--T:21-->
::*4. Click '''Sync now'''
 
<!--T:22-->
On the next screen, you will be confirmed whether time has been synced, and you should now be able to use your verification codes to log in. Syncing will only affect the internal time of your Google Authenticator app, not the one in your device's settings.
 
<!--T:34-->
On iOS:
 
<!--T:35-->
::*1. Go to the iPhone Settings app (your phone settings area)
 
<!--T:36-->
::*2. Select '''General'''
 
<!--T:37-->
::*3. Select '''Date & Time'''
 
<!--T:38-->
::*4. Disable the '''Set Automatically''' option and re-enable again
 
<!--T:39-->
::*5. Restart your device


==Authenticator Applications== <!--T:6-->
==Authenticator Applications== <!--T:6-->
iOS, Android and Blackerry Application support is listed at the following link:  
iOS, Android and BlackBerry Application support is listed at the following link:  
http://support.google.com/accounts/bin/answer.py?hl=en&answer=1066447
http://support.google.com/accounts/bin/answer.py?hl=en&answer=1066447
When following these guides, please use the code or QR code given by xat after enabling the google authenticator option as these are for your xat account.
When following these guides, please use the code or QR code given by xat after enabling the google authenticator option as these are for your xat account.
Line 39: Line 100:


<!--T:8-->
<!--T:8-->
Windows 8/8.1/10 app: <tvar|link2>https://apps.microsoft.com/windows/en-us/app/google-authenticator/7ea6de74-dddb-47df-92cb-40afac4d38bb</>
Windows 8/8.1/10 app: <tvar|link2>https://www.microsoft.com/en-us/store/p/microsoft-authenticator/9nblgggzmcj6</>


==Use Authentication without an application== <!--T:9-->
==Use Authentication without an application== <!--T:9-->
Line 51: Line 112:


<!--T:12-->
<!--T:12-->
Simply install the extension/app and add the time based code to the extension and it will generate the authentication codes for you to use to login.
Simply install the extension/app and add the time-based code to the extension and it will generate the authentication codes for you to use to login.


<!--T:13-->
<!--T:13-->
Line 57: Line 118:


<!--T:14-->
<!--T:14-->
'''It is recommended to use authenticator on your phone (i.e using a phone application) if possible as that is more secure.'''
'''It is recommended to use authenticator on your phone (i.e. using a phone application) if possible as that is more secure.'''
</translate>
</translate>

Revision as of 13:24, 2 December 2018


If you have an iOS, Android, Windows phone or Blackberry device, you can turn on Google Authenticator to add an extra layer of security to your account. This will make it a lot harder for unauthorized users to gain access to your account.

You should not rely on Google Authenticator if you do not have a strong password. Visit Phishing for more information.

Never share your token code with a friend or anybody else. xat staff or volunteers will never ask you to turn off Authentication. If anyone asks you to turn off Authentication, they are trying to access your account and steal your xats, days, and/or powers.

SAVE YOUR BARCODE IMAGE so you can scan it later if you lose your code.

How to enable or disable Google Authenticator

Account security options.

Enabling

To enable authentication, go to the login page, and login successfully. Click the third drop down menu and turn authentication to "ON (authenticated)". Enabling this will now lead you to a page with a QR code. You can scan the barcode by pressing the "Scan a barcode" option using the Google Authenticator app or browser extensions located below. You should receive a 6 digit code that you can then enter into the “Enter authenticator code” section on the xat login. The authenticator application generates a new 6 digit token code every 30 seconds. Ensure that you tick *Check to save token on this PC for 30 days.* If this is not ticked, it will ask for a new authentication code every time you login to your xat account.

Example of QR code.

IMPORTANT: When you enable Google Authenticator, it is recommended for you to print the page with the code given. This will help you add it again in case you lose your authenticator code.

Disabling

To disable authentication, go to xat's login page and login successfully. Select the last drop-down menu and set it to "OFF (not authenticated)". This will also disable tickle power.

Frequently Asked Questions

Q. I get a clock error.

  • A. Please check the clock on your device and ensure that your time is set correctly. If the problem still occurs re-scan the bar code or re-enter the time-based code.

Q. Incorrect authenticator code.

  • A. Make sure the time on your phone is set correctly and enter the token then displayed on your phone.

Q. What happens if I lose my phone or don't have access to enter the Token code?

  • A. Make a ticket at http://xat.com/ticket Under "Lost Auth" and request that you want your Token code reset.

Q. I get "Login requires authenticator code."

  • A. Check your device and enter the authenticator code given inside of the application.

Q. If I switch phones, how will I get this to work on my new one?

  • A. If you change phones, you need to use the page you printed out and add the account QR code/time-based code to the application again. You can also turn off authenticator and turn it back on and use the new code.

Q. My Google Authenticator codes aren't working.

  • A. This might be because the time on your Google Authenticator app is not synced correctly.
  • To make sure that you have the correct time:

On Android:

  • 1. Go to the main menu on the Google Authenticator app
  • 2. Click Settings
  • 3. Click Time correction for codes
  • 4. Click Sync now

On the next screen, you will be confirmed whether time has been synced, and you should now be able to use your verification codes to log in. Syncing will only affect the internal time of your Google Authenticator app, not the one in your device's settings.

On iOS:

  • 1. Go to the iPhone Settings app (your phone settings area)
  • 2. Select General
  • 3. Select Date & Time
  • 4. Disable the Set Automatically option and re-enable again
  • 5. Restart your device

Authenticator Applications

iOS, Android and BlackBerry Application support is listed at the following link: http://support.google.com/accounts/bin/answer.py?hl=en&answer=1066447 When following these guides, please use the code or QR code given by xat after enabling the google authenticator option as these are for your xat account.

Windows Phone app: https://www.microsoft.com/en-us/store/apps/authenticator/9wzdncrfj3rj

Windows 8/8.1/10 app: https://www.microsoft.com/en-us/store/p/microsoft-authenticator/9nblgggzmcj6

Use Authentication without an application

Google Chrome: https://chrome.google.com/webstore/detail/gauth-authenticator/ilgcnhelpchnceeipipijaljkblbcobl

Firefox: https://5apps.com/gbraad/gauth

Other browsers: https://5apps.com/gbraad/gauth (use the web app)

Simply install the extension/app and add the time-based code to the extension and it will generate the authentication codes for you to use to login.

In the case of other browsers, you will have to load the web app every time to access your authenticator codes.

It is recommended to use authenticator on your phone (i.e. using a phone application) if possible as that is more secure.