What is 2-step verification?
We implemented TOTP (Time-Based One-Time Password Algorithm), which is an open standard (RFC 6238). Any tool, program or application that implements this standard will work. For iOS and Android, we primarily tested Google Authenticator since this is the most popular implementation. Let’s clear up a few misunderstandings about Google Authenticator:
- You don’t need a Google account to use it
- No data is transferred to Google
- You don’t have to be online to use the app
- You can use any other application that supports TOTP generation.
For BlackBerry, we tested Authomator and for Windows Phone we tested Authenticator. The apps generate a 6-digit phone key on your mobile device that will refresh itself every 30 seconds. Whenever you wish to log in to the Registrar site, you will need to submit the current phone key linked to your account.
Where can you download the recommended apps?
This depends on the operating system of your smartphone.
For iOS users:
- Open the App Store and search for Google Authenticator
- Install the app
For Android users:
- Open Google Play and search for Google Authenticator
- Install the app
For BlackBerry users: To install Authomator on your BlackBerry device, you must at least have OS 10.0 installed. Download the app
For Windows Phone users:
- Open Marketplace and search for Authenticator
- Install the app
Alternatively, the app can be downloaded here.
How to add the DNS Belgium phone key to your app
When you log in to the Registrar Site for the first time after our 2-step verification process is implemented, you need to submit your Registrar ID, User ID and password, but leave the field for the phone key blank. This will take you to a new page where you can scan a QR code that is generated uniquely for your account.
Scan this QR code using the app. This will add the phone key to the app on your mobile device. If this is done correctly, you will now see a 6-digit code with the name DNS_Belgium and your User ID. This code will refresh itself every 30 seconds.
How to log in after generating a phone key?
Once you have completed the 2-step verification setup for your account, you will need your phone key every time you wish to log in to the Registrar site. Fill in your Registrar ID, User ID and password as before. Then open the app on your phone to get your current phone key. Enter the 6-digit number in the corresponding field of the login form and click on ‘Log in’. Your phone key refreshes itself every 30 seconds; however, it will stay valid for a few seconds more. This means that if the phone key changes at the moment you submit your log-in details, it will still work.
For 2-step verification to work correctly, it is important that the clock on your mobile device is correct. To make sure that the Google Authenticator app has the correct time:
- Go to the main menu on the Google Authenticator app
- Click Settings
- Click Time correction for codes
- Click Sync now
On the next screen, the app will confirm that the time has been synced, and you should now be able to use your verification codes to sign in. The sync will only affect the internal time of your Google Authenticator app, and will not change your device’s Date & Time settings.
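The following added example (not code from DNS Belgium or the Registrar site) shows how an RFC 6238 phone key is derived from the shared secret and the clock, why a key that has just rolled over can still be accepted, and why a wrong device clock makes it fail. The grace period is modelled here as accepting one previous 30-second step, which is an assumption; the page does not say how the site implements it. The secret and timestamps are constructed sample values.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per phone key, as stated on this page
DIGITS = 6   # length of the phone key, as stated on this page


def totp(secret: bytes, unix_time: float, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP using HMAC-SHA-1, the RFC's default hash."""
    counter = int(unix_time // step)                 # number of steps since the epoch
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                          # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, server_time: float, grace_steps: int = 1) -> bool:
    """Accept the current key or a key from up to grace_steps earlier steps.

    grace_steps=1 is an assumed policy, not the Registrar site's documented one.
    """
    ok = False
    for back in range(grace_steps + 1):
        expected = totp(secret, server_time - back * step_seconds())
        ok |= hmac.compare_digest(expected, submitted)   # constant-time comparison
    return ok


def step_seconds() -> int:
    return STEP


# Constructed sample values: the RFC 6238 test secret and a fixed clock reading.
SECRET = b"12345678901234567890"
NOW = 1111111109   # second 29 of a 30-second step


def demo() -> dict:
    key = totp(SECRET, NOW)
    return {
        "key": key,
        "clocks_agree": verify(SECRET, key, NOW),
        # The key rolled over on the phone while the form was being submitted.
        "submitted_5s_after_rollover": verify(SECRET, key, NOW + 5),
        # The phone clock is 5 minutes behind the server: its key is never accepted.
        "phone_5min_slow": verify(SECRET, totp(SECRET, NOW - 300), NOW),
    }


if __name__ == "__main__":
    print(demo())
```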
What if you lost your mobile device or switch to a new one?
A phone key is always linked to your specific user account and the mobile device you’ve used to set up the 2-step verification process. This means that if you lose your mobile device or switch to a new phone, you cannot use another device to set up a new 2-step verification process, unless the previous set-up is reset. If this is needed, you can contact your administrator to reset your 2-step verification key for your account. After this is done, you will need to follow the same steps on your new mobile device to set up this process again. You will need to install the app on the new mobile device and do your first login to the Registrar site by leaving the phone key field blank. If the process was successfully reset for your account, doing this will bring you once again to the page where a new, unique QR code will be presented for you to use in the app.
If you are the administrator and have lost your phone or need to set up a new one, please contact firstname.lastname@example.org to reset your current phone key.
Can I link multiple mobile devices to the same account?
Yes, you can have multiple devices generate the same one-time passwords by scanning the same QR code into both devices during the setup process. If you have already left the setup page, you will have to contact your administrator to reset the 2-step verification key for your account.
However, linking multiple devices to the same account is only recommended when a single user wants to have the phone key on more than one of his or her (personal) devices. When more users need access to the registrar site, you should use different user accounts. More information on this topic can be found in our Registration Guidelines, part 3, WEB, p11: Users.
What if your mobile device is currently unavailable to you?
If you don’t have your mobile device with you when you need to log in to the Registrar site, or if your mobile device is out of battery, you won’t have access to the app for your current phone key. However, in this case your administrator can help you out as well. It’s possible for your administrator to request a temporary phone key for your account. This will be valid for about 90 seconds, so it’s best to go through this process when you are at the log-in screen.