FAQ on two-factor authentication (2FA)
Two-factor authentication provides an additional layer of security for maxcluster's Managed Center. It ensures that only someone with a second factor, the secret, can access the account, even if another person knows the password.
How it works
Two-factor authentication is performed by entering an additional PIN that is valid only once, also known as a token. The procedure is comparable to the mobile TAN known from online banking. As a rule, the one-time PIN is not retrieved on the computer but on a smartphone, where the security code is displayed by an app such as Google Authenticator for iOS and Android.
Activating two-factor authentication
Under the respective user, you will find the menu item "My data". In the "Password & 2FA" area, you can then activate two-factor authentication. After the "2FA activation" you will be asked to enter a recovery number (phone number).
We recommend that you do not use the phone number of the device on which the 2FA app is installed. If that device is lost, the 2FA token will be unavailable and the recovery option via SMS or call will not work either.
To confirm, you must then specify the type of verification. You can choose between a call or an SMS.
The second step is to verify the recovery number. In this process, a confirmation code is sent to the stored number. Please enter this code for verification.
The last step is to set up the 2FA.
Setting up two-factor authentication
When 2FA is activated, a QR code is displayed, which must be scanned with an authenticator app. After that, please enter the generated one-time password in the input field and finally click on "Complete setup". This sets up the two-factor authentication.
Deactivating two-factor authentication
Under the respective user, you will find the menu item "My data". In the "Password & 2FA" section, you can deactivate two-factor authentication.
Loss of two-factor authentication
If the smartphone or the app in question is lost, the 2FA must be reset. This can be done via support as well as via the login area of the Managed Center. After logging in via the Managed Center and entering the 2FA, you can click on "Lost second factor" in the lower area.
You will then be sent a four-digit code to the stored phone number via SMS or voice call.
Once you have successfully entered the confirmation code, you can log back into the Managed Center without 2FA.
Why can't I reset the 2FA secret with a password reset?
If you have forgotten your password, the password reset resets your password. For security reasons, however, it does not disable the 2FA secret, as this would mean bypassing the second factor, which would of course be undesirable.
Can I deactivate the 2FA myself?
As a logged-in user, you can deactivate the 2FA for a user. You can find this functionality under: Users → Details → Disable 2FA.