Two-factor authentication for CrashPlan for Small Business
Overview
Two-factor authentication increases the security of your CrashPlan for Small Business environment by requiring users to provide additional verification before accessing the Code42 console or CrashPlan for Small Business mobile app.
Requirements
Two-factor authentication uses the Time-based One-Time Password (TOTP) algorithm and a 160-bit secret key for each user. We test and recommend the applications listed below, but any TOTP application should work.
Mobile app authentication
To authenticate using a mobile app, we recommend using Google Authenticator.
Browser-based authentication
To authenticate using a web browser, we recommend using the Authenticator plugin.
Considerations
- Two-factor authentication affects access to the Code42 console and CrashPlan for Small Business mobile app. It does not affect access to the Code42 app on user computers.
- To reset two-factor authentication for a user, you must sign in to the Code42 console as a CrashPlan for Small Business administrator. If you're not a CrashPlan for Small Business administrator, contact your organization's administrator.
Set up two-factor authentication
Video
Watch the short video below to learn how to set up two-factor authentication.
Complete setup
Users are required to set up their account the next time they sign in. Future sign-ins only prompt users to obtain the verification code from the Google Authenticator mobile app or Authenticator browser plugin.
Two-factor authentication will not prompt to complete setup until the user is signed out and attempts to sign in again. To sign out of your account, click the user profile icon in the top-right corner of the screen and select Sign out from the dropdown menu.
- Upon signing in to the Code42 console, the Set Up Two-Factor Authentication message appears.
- Using your authenticator, scan the QR code provided (see sample below) or manually enter the displayed code in your authenticator.
- In the Enter verification code field, enter the verification code displayed in your authenticator mobile app or authenticator browser plugin.
- Click Sign In.
Reset two-factor authentication for lost, stolen, or new devices
If you've been using two-factor authentication, then need to reset it because a device is lost, was stolen, or you have a new device, follow the instructions below. Resetting two-factor authentication for a user invalidates the secret used to generate the user's TOTP, and prompts the user redo the initial configuration steps upon the next sign-in attempt.
For users
A CrashPlan for Small Business administrator must reset the two-factor authentication configuration for a user as follows:
- Sign in to the Code42 console.
- Select Users > Active.
- Click the name of the desired user.
The User Details screen appears. - From the action menu in the upper-right, select Reset Two-Factor Authentication.
Upon next sign-in attempt, the user is prompted to redo the initial configuration steps.
For administrators
If you're a CrashPlan for Small Business administrator and need to reset two-factor authentication for yourself, you can use the steps above to reset your own two-factor authentication.
If you no longer have access to your authenticator, contact our Customer Champions for support.
Two-factor authentication FAQ
Can I turn off two-factor authentication?
Two-factor authentication cannot be disabled for any reason. If you need to reset your two-factor authentication, see Reset two-factor authentication for lost, stolen, or new devices.
I don't have a smart phone to use for two-factor authentication
Two-factor authentication can be set up on other mobile devices as well (such as an iPad). Those who do not have a suitable device or want to use an alternative method to authenticate can install a browser plugin to display the two-factor authentication code in their browser. We recommend Authenticator.
Do I have to use Google Authenticator for two-factor authentication?
While we only test on Google Authenticator and the Authenticator browser plugin, any Time-based One-Time Password (TOTP) application should work.
Can I set up two-factor authentication on multiple devices?
Yes. To set up, scan the QR code or manually enter the code presented when first setting up two-factor authentication on all the devices you want to use for authentication. Multiple devices should not be used to allow multiple users to log into a single account.
I'm getting an invalid code error when setting up two-factor authentication
There are a few reasons that an "invalid error code might occur:
Setup is incomplete
If your login session expires before you complete setup, you'll be presented with a new code when signing in and the code you previously entered into your authenticator is no longer valid. To resolve:
- Remove the Code42 account previously added to your authenticator. Do not skip this step.
- Refresh the sign in page in your web browser and sign in again, if prompted.
- Scan the QR code or manually enter the code as a new account in your authenticator.
- Enter the verification code from your authenticator in the last step of the sign in screen.
Entering a code from a different account
If you have multiple two-factor authentication accounts set up in your authenticator, you might accidentally enter the code corresponding to a different account. Double-check the account associated with the code you are using and try again.
Device time is out of sync
If your device times are not accurate, the authentication process may fail. We recommend checking your device time at https://time.is/. If the device time is off, ensure the time is set automatically: