WhosOff gives you the option to enable a secure two factor authentication method, in order to enhance security on your account. This will require you to enter a One Time Password (OTP), after entering your username and password to log in to WhosOff. This OTP can be retrieved by email, or via a secure authenticator mobile app. Note that MFA / 2FA will only be required on the web portal, this does not affect the WhosOff Android and iOS mobile apps.
ENABLE MULTI FACTOR AUTHENTICATION (MFA)
To enable MFA in your WhosOff account;
- Login to your WhosOff account
- Click on Your Name in the top right hand corner of the page
- Then click on My Details / Settings
- On the left hand side of the resulting page click on Staff profile
- Using the Multi-Factor Authentication dropdown, select how you want to receive your OTP (Authenticator or Email) and click Save changes
- If you select Authenticator, after clicking Save a QR code will appear.
AUTHENTICATE BY AUTHENTICATOR APP
You may choose to receive your authentication code by a dedicated authenticator app. Google, Microsoft, and many other sources provide these apps, which can be downloaded to your mobile phone. Once you open your authenticator app, you can follow its process to add a new application - this will involve scanning the QR code generated by WhosOff in your My Details / Settings area.
Please note that if you set up MFA by Authenticator, and then change this choice (either setting MFA to None, or changing to Email authentication), you will need to re-add WhosOff to your authenticator app by scanning the QR code again, should you choose to change back to the Authenticator setting.
Once you have set up WhosOff in your authenticator app, you will see it generate a One Time Password (OTP), which will change every 30 seconds.
Now that you have set up your authenticator, when you next log in to WhosOff, you will see a screen as below, where you can submit your OTP. You will also see a checkbox marked Don't ask me again, if you tick this then the second login step (asking for the OTP) will not re-occur within the next 45 days, provided you do not physically log out of WhosOff (by clicking Your Name and then Log out). After clicking Verify, you will be logged in to your account.
AUTHENTICATE BY EMAIL
You can also choose to receive your code by email instead, or if you have selected to log in via an Authenticator app you can always switch to receiving an email when you log in. If you choose to re-send your code by Email (when you have originally chosen Authenticator), then this will change your authentication method to Email, and you can switch it back when you next log in.
