Jolojo has powerful 2FA (Two Factor Authentication) capabilities. However, they do need setting up first as they require site specific third party tools.
Setting up 2FA
NOTE - not all of these features are currently available to free accounts. If you would like this enabled please email yo@jolojo.com
2FA can be enabled on a per user basis, or if you are allowing users to register with the site you can default the sign-up options to 2FA.
CAUTION - In certain circumstances adding 2FA can lock you out of your account, we suggest adding a test user and testing fully prior to a full deployment.
Admin > Config
Setup URL - This is the login page URL, you will need to add the '"2FA One Time Password Management" plugin.
Reset Email - This needs to be a 2FA reset email
Twilio Account SID - Set up an account at www.twillio.com - create an API Key
Twilio Auth Token - part of the setup above at Twilio
Twilio From Number - part of the setup at Twilio
After clicking the 'Enable...' button they are taken to:
User clicks 'Set up using an app' they are then given their recovery codes:
The user MUST download, Print or Copy these codes. Once they have done that they can click the next button:
With their authenticator app, the user scans the QR code and a 6 digit code is generated, once they enter this code the 2FA setup process is complete. Every time the user logs in they must use the authenticator app and new 6 digit code.
#NOTE - we allow a 5 second buffer from the expiry of each code from authenticator apps.
2FA using SMS
The process is similar to the above, but the Authenticator app is replaced with an SMS to their mobile device.