
Process for logging into a 2fa enabled website or app

This is the process for requesting a 2fa code and successfully logging in to a website or app using the 2fa code. This process is told from the point of view of an agency.

What is 2FA?

2FA stands for Two-Factor Authentication. It’s a security process that requires users to provide two different authentication factors to verify their identity.

  1. A username and password (this is standard for all website login systems)
  2. A secondary code, usually 4 to 6 characters (this is the 2fa code)

It adds an extra layer of protection, making it more difficult for unauthorized users to access accounts, even if they’ve obtained the password.

Process overview for accessing a 2FA protected site

  • You need to co-ordinate with the client to get the 2fa code.
  • When attempting to sign into a website with 2fa enabled, the website sends a 2fa code request to the website owner (the client).
  • The 2fa code will be sent to the client's email or mobile number.
  • The 2fa codes expire quickly (usually within 60 seconds), so this task needs to be co-ordinated beforehand.
  • I find the best way to co-ordinate this is to communicate via sms or phone call with the client.

How to Communicate with the client

  1. Let the client know what you're trying to accomplish and that you need their help.
  2. Let the client know to look out for the code sent to their mobile or email.
  3. Tell the client the code expires quickly, so they should be on standby.
  4. Tell them they need to send you the code so you can login (recommended to do this via sms as it's quicker).
  5. Give the client your mobile number.
  6. Send the request for the 2fa code.
  7. Look out for the code sent back to you from the client (you may need to be communicating on Slack with other, remotely located team members while you're communicating with the client, in order to pass them the code so they can login).
  8. Once you have the code, either attempt a login or send it on Slack to your remote co-worker.

If the Code Expires

  • Tell the client it didn't work and you're sending another 2fa code request
  • Send another request for the code
  • Once you have the code, either attempt a login or send it on Slack to your remote co-worker

Ask the client to Disable 2fa code

Another option is just to ask the client to disable 2fa.

  • Research on Google the steps involved in disabling 2fa.
  • Send an email to the client listing the steps, or send a link to documentation on how to disable 2fa
  • Ask the client to let you know when 2fa is disabled
  • Once 2fa is disabled you can login
  • Once you are done with what you need to do, tell the client to re-enable 2fa
This post is licensed under CC BY 4.0 by the author.
