Two-Factor Authentication

What is Two-Factor Authentication?

Two-Factor Authentication (TFA), also known as 2FA or 2-Step Verification, strengthens security by requiring two methods to verify your identity.

The methods may include

  • Something you know: a unique username and password or PIN
  • Something you have:  a PIV card, key fob or smartphone app to approve authentication requests
  • Something you are: your fingerprint or a retina scan

Why TFA?

Using a TFA process can help reduce cases of identity theft and email phishing because system access requires more than just a username and password. By using TFA on ACF systems, cyber criminals or hackers can’t pretend to be you to access agency networks, IT systems etc. without your physical device needed to complete the second verification method.

How it Works on the ACF Website

TFA is required for authors and editors on our public-facing website. Our two factors are:

  1. Your current Drupal Content Management System (CMS) login credentials — your username and password.
  2. A six-digit code created by a special algorithm in the ACF system and sent to a device you chose (i.e., your cell phone) via Google Authenticator 

You only have to establish TFA once, but once it is in place, you will use the authentication codes each time you log into the CMS.

Resetting Your TFA

If you get a new phone or new phone number you may need to reset your 2-factor-authentication. Send an email to the Digital Communications team to request a reset.

The next time you log into Drupal, you will be prompted to set up TFA again. Follow the Google Authenticator steps.