
Two-Factor Authentication (2FA)

Two-Factor Authentication (2FA) is a security method that adds a second layer of protection when authenticating to a software system. Instead of relying solely on a password, 2FA requires an additional factor, typically a code or biometric information, that must also be provided for authentication. 2FA makes authentication systems more resilient by making it more difficult for malicious users to impersonate valid users, especially when a user's password is weak or compromised.

Two-Factor Authentication in ALTR

ALTR's authentication system requires users to enter a 2FA code in addition to a username and password. ALTR supports three different methods for generating 2FA codes:

  • Email-based 2FA: ALTR sends an email to a user's email address that includes a 2FA code.

  • SMS-based 2FA: ALTR sends a text message (SMS) to the user's phone number that includes a 2FA code.

    Warning

    SMS-based 2FA is generally considered insecure relative to other 2FA methods. ALTR recommends only using SMS-based 2FA when absolutely necessary.

  • Authenticator App-Based 2FA: Users connect a third-party authenticator app (e.g., Google Authenticator, Authy) to ALTR that automatically generates time-based one-time passwords (TOTP) for 2FA.

ALTR Superadministrators can control which 2FA methods are available for users within an organization in ALTR's Settings page. This can be found in Settings → Preferences → Organization. If a 2FA method is disabled for an organization, any users currently using that method will be prompted to update their 2FA during their next login.

Individual ALTR users are prompted to configure two-factor authentication when first creating their ALTR account. Additionally, users can change their 2FA method in ALTR's Settings page by navigating to Settings → Preferences → User. Users are prompted to confirm receipt of a 2FA code before ALTR changes their 2FA method.

ALTR administrators are not required to provide a 2FA token when authenticating through Single Sign-on (SSO). When SSO is enabled for an organization, ALTR defers all authentication methods to the configured identity provider (IdP).