Zum Inhalt springen
    How do I configure 2FA on my account?
    Learn how to enable and manage two-factor authentication (2FA) on your GA.NU account using an authenticator app, a security key, or SMS. This guide covers setup, recovery codes, sign-in flow, and troubleshooting.
    account-security2faauthentication

    How do I configure 2FA on my account?

    Two-factor authentication (2FA) adds an extra layer of security to your GA.NU account by requiring a second proof of identity in addition to your password. This helps protect your .ga.nu domain management from unauthorized access.

    Before you start

    • Make sure you can sign in to your GA.NU account with your email and password.
    • Decide which 2FA method you want to use (you can add more than one):
      • Authenticator app (TOTP) — recommended. Works with apps like 1Password, Google Authenticator, Microsoft Authenticator, and Authy.
      • Security key (FIDO2/WebAuthn) — works with devices like YubiKey or platform passkeys on supported browsers/devices.
      • SMS codes (where available) — less secure than authenticator apps or security keys; use as a backup.
    • Have a safe place (preferably offline) to store recovery codes.

    Enable 2FA (web)

    1. Sign in to your GA.NU account.
    2. Go to: Account > Security.
    3. Find "Two-Factor Authentication" and select "Enable".
    4. Choose your preferred method and follow the steps below.

    Choose a 2FA method

    Authenticator app (TOTP)

    1. On the 2FA setup screen, choose "Authenticator app".
    2. Open your authenticator app and add a new account.
    3. Scan the QR code shown on GA.NU (or manually enter the secret key provided).
    4. Your app will generate a 6-digit code that changes every 30 seconds.
    5. Enter the current 6-digit code on GA.NU to verify.
    6. Save your recovery codes when prompted.

    Example of a TOTP code entry:

    Enter the 6-digit code from your authenticator: 123456
    

    Tips:

    • If codes fail, ensure your phone’s time is set to automatic and is accurate.
    • Consider adding the same TOTP secret to a second device (e.g., a password manager that supports TOTP) for backup.

    Security key (FIDO2/WebAuthn)

    1. Choose "Security key".
    2. When your browser prompts you, insert or activate your hardware key, or register a built-in passkey on your device.
    3. Follow on-screen instructions (you may be asked to touch the key, enter a PIN, or use biometrics).
    4. Give the key a recognizable name (e.g., "YubiKey Nano" or "Laptop Passkey").
    5. Save your recovery codes.

    Tips:

    • Register at least two keys (e.g., primary + backup) to avoid lockouts.
    • Keep one key stored securely at home.

    SMS codes (where available)

    1. Choose "SMS" and verify your phone number.
    2. Enter the 6-digit code sent via text to confirm.
    3. Save your recovery codes.

    Notes:

    • SMS is convenient but more vulnerable than authenticator apps or hardware keys. Prefer TOTP or security keys.
    • Availability may vary by region and carrier.

    Save your recovery codes (important)

    After enabling 2FA, GA.NU will show one-time recovery codes. Use these only if you lose access to your second factor.

    • Download as a .txt file or print the codes.
    • Store them offline in a secure place (e.g., a safe).
    • Do not keep them in email or cloud notes without encryption.

    Example recovery codes:

    GA.NU Recovery Codes
    Use each code once. Keep offline.
    
    7KXJ-9M2C-HT8P
    P4QR-V6ND-2WYA
    MZ3F-Q8LJ-7KSV
    H2BD-PR9X-4EJT
    C7NL-X9TA-5WQY
    24JH-KP6M-XQ8D
    VY5E-R3TL-9GPN
    QN8K-6MDY-2JZH
    WX4C-7BRT-P9LA
    TD6Q-MX3N-8VJS
    

    What to expect when signing in

    • Enter your email and password as usual.
    • You’ll be prompted for your second factor:
      • Authenticator app: enter the current 6-digit code.
      • Security key: follow the browser prompt (touch key, PIN, biometrics).
      • SMS: enter the code you received by text.
    • If offered, you may choose "Trust this device" to reduce prompts for a limited time. Only trust personal devices.

    Manage, add, or disable 2FA

    • Go to Account > Security > Two-Factor Authentication.
    • You can:
      • Add additional methods (e.g., a backup security key or a second authenticator app).
      • Rename or remove registered security keys.
      • Regenerate recovery codes (this invalidates old codes).
      • Temporarily disable 2FA (requires a current 2FA code or a recovery code).

    Best practices:

    • Keep at least two second-factor methods (e.g., authenticator + backup key).
    • Update your recovery codes if you suspect they were exposed.
    • Review trusted devices and sign-outs periodically.

    Troubleshooting

    • My authenticator codes don’t work:
      • Ensure your phone’s time is set automatically and is accurate.
      • Try a fresh code; TOTP codes expire every ~30 seconds.
      • Re-scan the QR code and verify you entered the correct secret.
    • I lost my phone/security key:
      • Use a recovery code to sign in.
      • Add a new authenticator or security key immediately.
      • Remove the lost device from your 2FA methods.
    • I didn’t receive an SMS code:
      • Check coverage and signal; ensure your number is correct.
      • Wait a minute, then request a new code.
      • Use your authenticator or a recovery code if available.
    • I’m locked out and have no recovery codes:
      • Contact GA.NU Support via the Help Center for identity verification and account recovery.

    FAQs

    • Can I use a password manager for TOTP?
      • Yes. Many password managers can generate TOTP codes. Protect your password manager with strong security.
    • Do passkeys work?
      • If supported by your browser/device, you can register a platform passkey as a security key method.
    • Can organizations require 2FA?
      • If you manage an organization, owners/admins may enforce 2FA for members. Check your organization’s Security settings.
    • Will enabling 2FA affect API or CLI access?
      • If you use API tokens, they typically remain valid but may require re-authentication or application-specific passwords. See the API credentials section in Account > Security.

    Keep your account secure

    • Use a unique, strong password for GA.NU.
    • Enable 2FA with an authenticator app or security key.
    • Store recovery codes offline.
    • Regularly review and update your security methods.

    If you need help, visit the GA.NU Help Center and contact Support for assistance.

    How do I configure 2FA on my account? | GA.NU