Ai-B: Initial help article for the optional oe_2fa.lzm module (rev 01)

2026-04-14T10:40:10Z

Initial help article for the optional oe_2fa.lzm module (rev 01)

New page

__NOTOC__
Two-Factor Authentication (2FA) adds an extra security layer to JovianDSS administrator accounts. When activated, the administrator must supply both a password and a 6-digit code from a smartphone authenticator app during login. This prevents unauthorized entry even if the password is compromised.

'''Note:''' 2FA is delivered as an optional Small Update (the '''oe_2fa''' module). This article describes revision '''01'''. If your system was updated to a newer revision, refer to the matching ''Extension:Two-Factor_Authentication_rev_NN'' article.

== Supported authentication method ==

JovianDSS implements '''TOTP''' (Time-based One-Time Password):

*Compatible with Google Authenticator, Microsoft Authenticator, Authy, FreeOTP, and any other TOTP-compatible app.
*Codes change every 30 seconds.
*Works offline — the authenticator app does not need internet access.
*SMS-based methods are intentionally not supported (TOTP is more secure).

== Setting up 2FA ==

#Navigate to '''System Settings''' → '''Administration''' → '''Two-Factor Authentication'''.
#Click '''Enable Two-Factor Authentication'''.
#Review the displayed QR code and secret key.
#In your authenticator app, either scan the QR code or manually enter the secret.
#Enter the current 6-digit code from the app to verify the setup and click '''Verify and Enable'''.
#The system generates '''10 backup codes'''. '''Save these codes immediately''' — they are shown only once.

Store backup codes securely (password manager or printed copy kept in a safe place).

== Logging in with 2FA ==

#Enter the administrator password.
#When prompted — ''"Two-factor authentication is enabled. Please enter your authentication code."'' — enter the current 6-digit code from the authenticator app.
#Click '''Log in'''.

The system allows a small time tolerance (±30 seconds) to cope with minor clock drift.

=== Using a backup code ===

If the authenticator app is unavailable, enter one of the saved backup codes in the authentication code field instead of a TOTP code. Each backup code works only once and is invalidated after use.

== Managing 2FA ==

=== Checking status ===

Open '''System Settings''' → '''Administration''' → '''Two-Factor Authentication''' to see the current status and the number of remaining backup codes (for example: ''7 / 10 backup codes available'').

=== Regenerating backup codes ===

#Click '''Regenerate Backup Codes'''.
#Enter the current 6-digit authenticator code to confirm.
#A new set of 10 codes is generated. All previous codes (used and unused) are invalidated.
#Save the refreshed codes immediately.

=== Disabling 2FA ===

#Click '''Disable Two-Factor Authentication''' and confirm.
#2FA is deactivated and the stored secret and backup codes are removed.
#Re-enabling requires complete reconfiguration (new QR code, new backup codes).

== Recovery ==

=== Lost or broken phone — backup codes available ===

#Log in using a backup code.
#Disable 2FA in System Settings.
#Set up 2FA again on the replacement device.

=== Lost phone and no backup codes ===

#Contact the system administrator.
#The administrator disables 2FA on the account.
#Log in with password only.
#Set up 2FA again on the replacement device.

=== Moving to a new phone ===

Most authenticator apps support transfer:

*'''Google Authenticator''' — account transfer feature.
*'''Microsoft Authenticator''' — optional cloud backup.
*'''Authy''' — automatic sync across linked devices.

Alternatively: disable 2FA on the old device, then re-enable it and scan the QR code on the new device.

== Best practices ==

*Save backup codes immediately after setup — store them in a password manager or a secure physical location.
*Keep the phone's time synchronized (usually automatic).
*Do not share codes, secret keys, or backup codes with anyone.
*Regenerate backup codes periodically after heavy use.
*Consider disabling 2FA before planned device transitions.

[[Category:Help topics]]
[[Category:Extensions]]

Extension:Two-Factor Authentication rev 01 - Revision history

Ai-B: Initial help article for the optional oe_2fa.lzm module (rev 01)