Activating two-factor authentication

Two-factor authentication is an additional authentication method available on our website. It does not replace the conventional login page; it is an additional layer that makes it harder for someone to hijack your account.

You will still log in with your usual Gandi handle and password, but then you will be asked for a one-time token that you will generate on your smartphone, tablet, or computer, by using a special application (see below).

To activate two-factor authentication on Gandi's website, go to “Account management” and then click “Account security”.

Activation step 1/3:

From the Account Security page, scroll down to where you see “Two-factor authentication” and click “Activate”.

Then provide your Gandi handle's password and an emergency telephone number. This number will be useful in the event that you lose your authentication key (seed).

Activation step 2/3:

Type your Base 32-encoded authentication key (seed) into your TOTP application where requested, or scan the QR code displayed on the page, and click Submit to continue.

The authentication key (seed) that we give you can be used on multiple devices simultaneously, because every device or person holding the same seed generates the same valid tokens. You can therefore share it with your collaborators by copying and pasting the seed, or by copying the QR code image and distributing it to them.

Activation step 3/3:

Now you will see a final form where you need to enter your Gandi handle's password and the 6-digit token that your TOTP application generates (you will need to generate it first). Remember that your token is only valid for 30 seconds.

Once you have validated that form, two-factor authentication will be enabled for your account. The activation process is designed to ensure that you know how to use this feature before it is applied to your account, so that you don't lock yourself out.

More info on TOTP

We generate a “seed” (a type of authorization code), and then ask that you input this on a special application that you installed on your smartphone or computer (called a TOTP or OTP application - see below to get one).

Once you have done this, you can use your TOTP application to generate a one-time token that is valid for 30 seconds.

You then need to enter the token on our login page while it is still valid. Our server compares it with the token that it computes for that moment. If they match, we proceed with the login.

If you have lost the “seed”, or the application that contains it (for example, if you lost your smartphone), please contact customer support.
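The token generation and server-side check described above, as an added example that is not Gandi's own code. It uses the 6-digit, 30-second, Base 32 parameters given on this page and assumes HMAC-SHA-1 (the RFC 6238 default); the `window` drift tolerance and `last_counter` replay check in `verify` are illustrative assumptions, not documented Gandi behaviour.

```python
import base64
import hashlib
import hmac
import struct
import time

DIGITS = 6      # code length given on this page
TIME_STEP = 30  # seconds, given on this page


def decode_seed(seed_b32):
    """Decode a Base32 seed, tolerating spaces, lower case and missing padding."""
    cleaned = seed_b32.replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


def totp(seed_b32, at):
    """RFC 6238 token for Unix time `at` (HMAC-SHA-1 assumed, the RFC default)."""
    counter = struct.pack(">Q", int(at) // TIME_STEP)
    mac = hmac.new(decode_seed(seed_b32), counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(seed_b32, token, at, window=1, last_counter=None):
    """Server-side check: return the matched time-step counter, or None.

    window: time steps of clock drift accepted either side (assumed policy).
    last_counter: counter of the last accepted token, so a token cannot be replayed.
    """
    current = int(at) // TIME_STEP
    matched = None
    for counter in range(max(0, current - window), current + window + 1):
        expected = totp(seed_b32, counter * TIME_STEP)
        # Constant-time comparison; no early exit, so timing does not reveal a match.
        if hmac.compare_digest(expected.encode(), str(token).encode()) and matched is None:
            matched = counter
    if matched is not None and last_counter is not None and matched <= last_counter:
        return None  # already used (or older than the last accepted token)
    return matched


if __name__ == "__main__":
    page_seed = "ZHZ7TIQZUZWSF6ILBTHKO6DN"  # example seed shown on this page
    now = time.time()
    token = totp(page_seed, now)
    print("token:", token, "accepted at step:", verify(page_seed, token, now))
```

A server would store the counter returned by `verify` and pass it back as `last_counter` on the next login attempt.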

Free TOTP applications

Android

Apple (iMac, iPhone, iPad, iPod)

BlackBerry 10

Linux

  • oathtool: command-line tool
$ oathtool --base32 --totp "ZHZ7TIQZUZWSF6ILBTHKO6DN"
452945

When configuring your application, you will need to know these values:

  • Code length: 6 digits
  • Time step: 30 seconds
  • Seed format: Base 32 encoding (Arbitrary)

Windows Phone

Windows


Last modified: 08/31/2016 at 00:51 by Arthur C. (Gandi)