X-Payments:Setting up user authentication with the Google Authenticator app
X-Payments can be set up to use an authentication method based on using the Google Authenticator application which you install on your phone. The application is connected to your X-Payments installation, after which it can generate one-time passwords that serve as the second piece of evidence to prove your identity after you have entered your X-Payments login and password.
To set up user authentication via the Google Authenticator app, follow these steps:
- Install the Google Authenticator app on your phone/mobile device. The installation instructions are available here.
- In the X-Payments back end, go to the configuration page for the authentication method based on using Google Authenticator (2-step authentication with Google Authenticator).
This page opens automatically after you select Google Authenticator as your preferred user authentication method when you log in to X-Payments for the first time. Also, you can access this page at any time using the "Google Authenticator app configure" link on your profile details page (Profile > View details):
- Sync the time on the device where you have installed the Google Authenticator app with the time in X-Payments. Never mind the time zone difference; it is only the minutes and seconds that need to be synchronized. The current time in X-Payments is displayed right on the 2-step authentication with Google Authenticator page:
- Add your X-Payments account to the Google Authenticator App. To do so, scan the QR code on the right-hand side of the 2-step authentication with Google Authenticator page:
Or use the Secret code displayed below the QR code to manually register your X-Payments account in the Google Authenticator app:
- To test the configuration, enter a one-time password from your Google Authenticator application on the 2-step authentication with Google Authenticator page and click "Check":
Note that the lifetime of a one-time password is one minute, and the same code cannot be used more than once.
Provided that the password from the Google Authenticator has been entered correctly, you should see a popup message saying that the authentication method has been configured successfully:
Now user authentication via the Google Authenticator app is enabled and configured:
At the second step of user authentication, you can now use one-time passwords generated by the Google Authenticator app:
Important: After setting up your preferred user authentication method, be sure to create and save a list of backup codes for access to X-Payments:
Later on, if you need to set up Google Authenticator on a different device, you will have to reconnect the app. Note that to complete the task you will be required to enter a one-time password from your currently connected Google Authenticator app (If you have authentication via SMS/text messages enabled as an additional method, you can also use a one-time password received via SMS/text message instead of the password from Google Authenticator - these passwords are the same and can be used interchangeably).
To re-connect the app:
- On the configuration page for the authentication method based on using Google Authenticator (2-step authentication with Google Authenticator), click the Re-connect the app button:
A popup window will be displayed providing a form for you to enter a one-time password from your currently connected app:
Type in the one-time password from Google Authenticator (or an SMS/text message) and click Enter. The popup window will be closed, and the method configuration page will show the note "The authentication method is not configured!":
- Scan the QR code or manually enter the Secret code to re-connect the app.