* Note: this document is for end users. If you’re an admin user and want to manage two-factor authentication, please read Two-factor authentication in Team Password Manager.
Using Two-factor (or Two-step) Authentication in Team Password Manager will increase the security of your account because it requires you to enter an additional one-time passcode known only by you.
Google Authenticator
Team Password Manager uses Google Authenticator for Two-factor authentication, so the first step is to install this app in your smartphone if it’s not already installed.
Here are the links for the Google Authenticator app for iOS and Android devices:
- Google Authenticator for iOS (iPhone, iPod touch, and iPad): https://itunes.apple.com/us/app/google-authenticator/id388497605
- Google Authenticator for Android devices: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2
Enabling two-factor authentication
After installing Google Authenticator, follow these steps to enable two-factor authentication in Team Password Manager:
1. Sign in into Team Password Manager using your credentials (username + password).
2. Click on “My Account” on the top menu.
3. Click the button called “Enable Two-Factor Authentication” below your name. If you don’t see this button, it means that the Administrator user has disabled two-factor authentication for this installation and you won’t be able to use it.
You will see the following screen (the QR code and Secret Key are different every time):
4. Enter your password for verification.
5. On your smartphone, open Google Authenticator, tap the plus (+) button to Add a Token, and select Time Based (should be the default):
6. Scan the QR Code with your Google Authenticator device:
Alternatively, if your device does not have a camera you can enter the Secret Key manually. In this case, you should enter the following data:
Account: TPM:email (note the “:” between TPM and your email)
Key: the Secret Key code you see on the screen
7. Enter the 6-digit Token that Google Authenticator generates every 30 seconds in the Generated Token field:
8. Click on “Enable two-factor authentication”.
Step 7 and 8 should be done before the Google Authenticator token becomes red in you device. A new token is generated every 30 seconds, so if you see it red, just wait a few seconds until another one is generated. A little circle on the left top corner of the app shows this interval.
If everything is correct, two-factor authentication is now enabled for your user. The next time you sign in into Team Password Manager, after entering your username and password, you’ll be prompted to enter the token that the Google Authenticator app shows on your smartphone:
Also, on the “My Account” screen you’ll see a new tab called “Two-factor authentication”:
This tab shows our QR code and Secret Key in case you need to re-enter it. Also, there’s a button to create a new code (in case your smartphone is lost or stolen) or to disable two-factor authentication for your account.
Troubleshooting
1. When signing in, Team Password Manager won’t accept the “Authentication code”.
Try it again, checking that the code that the Google Authenticator app hasn’t changed while you where entering it. If you’ve tried it many times without success, contact your administrator.
2. I’ve lost my smartphone or it has been stolen.
The first thing to do is to disable two-factor authentication for your user, you can re-enable it when you have a new smartphone. To do this:
- If you’re still logged in, go to “My account” screen and click on “Disable two-factor authentication” on the “Two-factor authentication” tab.
- If you’re not logged in, you need an admin user to disable two-factor authentication for your user.
3. I’ve deleted my configuration in the Google Authenticator app or I’ve deleted the app in my device. I can’t sign in into Team Password Manager because I don’t have a token.
You have to disable two-factor authentication for your user (an admin user must do it) and then enable it again.
A note about password reset
Versions prior to 2.12.30 disabled two-factor authentication for a user when the user did a password reset. Beginning with version 2.12.30 this changes: when the user does a password reset, first the user is asked for the two-authentication code and then he/she can do the password reset. Also, two-factor authentication is not disabled for the user.