Multi-factor Authentication with the BioID Account

June 01, 2016

Single-Factor Authentication

If you choose not to enable multi-factor authentication, you can log in with your choice of password or biometrics.

Either enter your user name and password, or leave the password blank and you’ll be sent to biometric verification. Single-factor authentication with only a security code is not available.

With single-factor authentication you can log in with either password or biometrics.

Multi-factor Authentication

BioID supports multi-factor authentication – authentication that relies on more than one credential. With multi-factor authentication enabled, to log in you will need two of the following:

  • Password (something you know)
  • Biometrics (something you are)
  • Security code delivered by TOTP app (e.g. Google or Microsoft Authenticator), SMS text message or email (something you have)

If you enter a (correct) password you are sent to biometric verification. If verification succeeds you are done. If it fails multiple times, you will receive a security code via either TOTP app, SMS text message or email (in that order), depending on which you have enabled.

Alternatively, if you leave the password field blank you are sent to biometric verification. If verification succeeds you will receive a security code via either TOTP app, SMS text message or email (in that order), depending on which you have enabled.

Multi-factor authentication gives you a choice of authentication methods.

If you have multi-factor authentication enabled, and either omit your password or fail biometric verification, you will need to enter a one-time security code to log in. The security code is available through only one channel as follows:

  • If you have a TOTP app such as Google Authenticator synced with your BioID account, the code is available in this app.
  • If you do not have a TOTP app synced but you have provided a mobile phone number, the code will be sent to you via SMS text message.
  • If neither of the above is enabled, the code will be sent to your registered email address.

Time-based one-time passwords (TOTP) are temporary passwords typically used for multi-factor authentication. BioID supports TOTP through mobile apps such as Google Authenticator, Authy, or Authenticator for Windows Mobile. This is considered a highly secure method to deliver one-time security codes, since the code is generated directly on your device. It even works when your device is offline.

To begin, you must sync your authenticator app with your BioID account:

  • Go to Profile → Multi-factor → Time-based one-time password (TOTP) and select Synchronize.
  • Open your authenticator app and scan the QR code displayed.
  • Your app will generate a security code. Enter this on the TOTP Sync page and select Submit.
  • Your app is now synced with your BioID account.

Time-Based One-Time Passwords

Now, any time BioID requires you to enter a security code, simply open your authenticator app and enter the code shown for BioID.