Two-step verification for Resellers *Mandatory task*

  • Welcome to IPTV Community! You need login/register in-order to access forum without restriction.
Status
Not open for further replies.
IPTV Community

IPTV Community

Well-Known Member
Staff member
Administrator
Jun 3, 2015
429
577
214
iptv.community
Hello IPTV Comunity family.
In order to improve the security and privacy of our users, starting from today, we rolled out an update on users assigned to reseller's group and users with resellers badge must enable two-step verification on their forum accounts.

Two-Step Verification
Two-step verification, also known as two-factor authentication, asks you to provide two pieces of information to log in. You may have noticed this with other services, such as Google accounts. If you're familiar with that, you'll understand how it works in IPTV Community.

This will add extra security to your account so that you don't have to worry about your account details being stolen.

How to activate?

The process is very simple. There are three methods you can use to generate a login code when you want to enter to your account. We try to explain all the three methods in this section.




To activate, you enter the two-step verification page from the account section. Note that you'll need to confirm your password before you can do any changes to the two-step verification settings.

To enable, you select one of the below ways. There are two "primary" verification methods:
Verification code via the app - this will use an app on your phone (such as Google Authenticator or Authy) to generate a 6 digit code. This code changes every 30 seconds.

Email confirmation - this will send a unique, one-time-use code to the email address associated with your account. This method is not preferred over the app-based verification because if an attacker has access to your account, they may also have access to your email.

To enable any method, you will need to go through the verification process to ensure that everything works as expected. This prevents you from being locked out by a system you didn't successfully complete once.

There is also a third method that is automatically enabled when the first two-step verification provider is enabled: backup codes. These are intended to be saved for emergencies when you can't verify your login through any other method (if you don't have your phone, for example). Each backup code can be used once and you will be sent an email whenever a backup code has been used. So we suggest you write them down somewhere safe.

Two-Step Verification: Login



After verifying your password, if two-step verification is required, you'll be taken to a page such as the one shown above.
This also gives you the option to trust this device for 30 days. If you trust this device, you can log out and log in without being prompted to complete two-step verification for 30 days. This means you don't have to enter a code for verification every time you log in on this device.

Once the 30 days are up, you will be prompted to complete the two-step verification again (even if you have chosen to stay logged in).

Two-Step Verification: Losing Access
A common issue with two-step verification is what happens if you lose access to all of your two-step verification methods.

In this case, backup codes are really created for this specific situation. If you lose your phone or your email is no longer valid, the backup codes will still work. Therefore, we recommend you save those codes somewhere safe.

Disabling two-step verification only requires access to the password when you're already logged in. If users choose to trust a device, this very likely means that they will still have access to their account. Once they verify their password, they'll be able to change their two-step verification settings as necessary.

Thank you for helping us improve the security and privacy of our users and website.
 

Attachments

Status
Not open for further replies.