Two-factor authentication is an additional authentication method available on Gandi’s website. It does not replace the conventional login page; it is an additional layer that makes it harder for someone to hijack your account.
You will still log in with your usual Gandi username and password, but then you will be asked for a one-time token that you will generate on your smartphone, tablet, or computer.
Setting up TOTP requires a TOTP application or device. Below you can find a list of free applications you can use.
To activate double authentication on Gandi’s website:
1. Go to your “Security” page
- To access your user settings, click on your username in the top right corner of the page. Select “User Settings” from the drop-down menu.
- Scroll down and choose “Change password & configure access restrictions”.
- From there, toggle “Two-factor authentication” to “Yes”.
2. Set up your TOTP app
The page presents you with your authentication key (seed).
You need to provide it to your TOTP application, and click “Next” when that has been done.
You can use the same seed over multiple devices.
3. Test that it works
Now you will see a final form where you need to enter your username’s password and the 6-digit token that your TOTP application generates (you will need to generate it first). Remember that your token is only valid for 30 seconds.
Click “Save” when done.
Once you have validated that form, two-factor authentication will be enabled for your account.
If you lose the “seed”, or the application that contains it (for example if you lost your smartphone), please contact Gandi’s customer support.
The “T” in “TOTP” stands for time-based. Because the time is part of the calculation that occurs, it is important that the time on your account and the time on your device be in sync. A difference in time or time zone can cause an error.
More about TOTP
We generate a “seed” (a type of authorization code), and then ask that you input this on a special application that you installed on your smartphone or computer (called a TOTP or OTP application - see below to get one).
Once you have done this, every time you log in you can use your TOTP application to generate a one-time token that is valid for 30 seconds.
You will be prompted for this token on our login page, and you must enter it within the 30-second window. Our server then cross-references your token with the one that we have on file during that time. If it is valid, then we proceed with the login.
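The calculation described above, as an added example that is not Gandi’s own code: it derives the token from a Base32 seed using the 6-digit length and 30-second time step this page lists, and shows how a device clock that has crossed into the next time step produces a different token. HMAC-SHA1 (the RFC 6238 default), the `drift_steps` tolerance and the sample seed are assumptions made for the illustration; the page does not say which hash or tolerance the server uses.

```python
import base64
import hashlib
import hmac
import struct
import time

DIGITS = 6   # code length listed on this page
STEP = 30    # time step in seconds listed on this page

# Constructed sample seed: Base32 of the RFC 6238 test key "12345678901234567890".
SAMPLE_SEED = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(seed_b32, at=None):
    """Return the token for a Base32 seed at Unix time `at` (default: now)."""
    at = time.time() if at is None else at
    # Seeds are often displayed in lower case, in groups, without padding.
    cleaned = seed_b32.replace(" ", "").upper()
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    # The moving factor is the number of whole time steps since the Unix epoch.
    counter = struct.pack(">Q", int(at) // STEP)
    # Assumption: HMAC-SHA1, the RFC 6238 default.
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** DIGITS:0{DIGITS}d}"


def verify(seed_b32, token, at=None, drift_steps=0):
    """Check a token against the verifier's clock, allowing +/- drift_steps
    time steps of clock difference (hypothetical policy, not Gandi's)."""
    at = time.time() if at is None else at
    return any(
        hmac.compare_digest(totp(seed_b32, at + d * STEP), token)
        for d in range(-drift_steps, drift_steps + 1)
    )


if __name__ == "__main__":
    server_clock = 1111111109   # constructed timestamps, two seconds apart,
    device_clock = 1111111111   # that fall on either side of a step boundary
    token = totp(SAMPLE_SEED, device_clock)
    print("server expects:", totp(SAMPLE_SEED, server_clock))
    print("device shows:  ", token)
    print("strict check:  ", verify(SAMPLE_SEED, token, server_clock))
    print("with +/-1 step:", verify(SAMPLE_SEED, token, server_clock, drift_steps=1))
```

Each extra step of tolerance also lengthens the time during which a captured token can be reused, so a verifier keeps it small.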
Free TOTP applications
- Google Authenticator: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2
- FreeOTP: https://freeotp.github.io/
Apple (iMac, iPhone, iPad, iPod)
- Google Authenticator: https://itunes.apple.com/fr/app/google-authenticator/id388497605?mt=8
- OTP Auth: https://itunes.apple.com/us/app/otp-auth/id659877384?mt=8
- HDE OTP Generator: https://www.hde.co.jp/otp/en/
- FreeOTP (iOS): https://freeotp.github.io/
- oathtool: Command line tools
When configuring your application, you will need to know these values:
- Code length: 6 digits
- Time step: 30 seconds
- Seed format: Base32 encoding (Arbitrary)
- Microsoft Authenticator: http://www.windowsphone.com/en-us/store/app/authenticator/e7994dbc-2336-4950-91ba-ca22d653759b