To secure your access to the Testlio platform and ensure it is really you logging into your account, you need to set up an authenticator app that generates temporary passwords for two-factor authentication (2FA). Once you do so, you can no longer use your phone number for logging into the Testlio platform.
To ensure you keep access to your account, set up 2FA with 2 devices (your phone and your computer) so losing access to one device doesn’t mean losing access to the Testlio platform.
How the Authenticator App Works
The authenticator app works based on time-based one-time password (TOTP), an algorithm for authenticating users. It adds a rotating, app-generated code to the login process.
It is more secure and reliable than SMS-based 2FA because codes are generated locally on your device and are not dependent on mobile networks. This means it works even when your device is offline, as long as your device time is accurate.
TOTP is time-based. Each code is valid for only 30 seconds to reduce the risk of reuse by attackers.
What You Need
It is important to set up 2FA on 2 devices (phone and computer) to make sure you don’t get locked out of your account if you lose access to one of them.
A compatible authenticator app on your phone: Google Authenticator, Microsoft Authenticator, Authy, or similar.
A compatible password manager that handles TOTP on your computer (such as 1Password or Bitwarden).
A secure place to store recovery codes (such as your password manager).
Set Up Authenticator App
Your authenticator app takes precedence over text message (SMS) 2FA. Once you turn on the authenticator app, you no longer receive texts with login codes and can only use the authenticator app or a recovery code.
In the Testlio platform, open your profile.
By the basic info, click Edit profile.
Under Security next to Authenticator application, click Set up.
Using your password manager on your computer, either scan the QR code or enter the key manually.
Using your authenticator app on your phone, either scan the QR code or enter the key manually.
Enter the 6-digit code from either and click Confirm.
Download or copy the recovery codes.
Save the recovery codes in your password manager.
Select that you have saved the codes.
Click Confirm.
Your recovery codes are crucial if you lose your device, change phones, or accidentally delete the authenticator app. Store them securely. See Good Security Practices.
Log In with Authenticator App
On the login screen, enter your username and password.
Click Log in.
When prompted for a code from your authenticator app, enter the current 6-digit code from the app (either of the two that you set up).
Codes refresh every 30 seconds. If a code fails, wait for the next code and retry. See also Troubleshooting.
Click Verify.
You enter the Testlio platform.
Use Recovery Codes (If You Can’t Access Your Device)
Each recovery code is valid for a single use: once you use it, you can’t use it again.
To log in with a recovery code, follow these steps:
On the login screen, enter your username and password.
Click Log in.
Enter one of your codes.
Click Verify.
You enter the Testlio platform. If you are using a recovery code because you lost access to your device or authentication application, follow the steps to set up a new authenticator app.
Regenerate Recovery Codes
Because each recovery code is valid for only a single use, you may eventually have few left. Regenerate codes so you don’t run out. Note that regenerating codes invalidates the existing codes and the existing authentication connection.
Generate new codes by following these steps:
In the Testlio platform, open your profile.
By the basic info, click Edit profile.
Under Security next to Authenticator application, click Turn off.
Enter a code from your authenticator app or an existing recovery code.
Click Confirm.
Follow the steps to set up a new authenticator app.
Handle Device Changes
Add a New Device
Turn off the existing authenticator application. Then follow the steps for setting up an authenticator app on the new device.
Lost Device (or Reset Device or Deleted Authenticator App)
If you have lost the device where you had an authenticator app set up, use the TOTP from your computer. And if you lose access to your computer, use the app from your device.
Otherwise, you need to use 2 recovery codes to reset your 2FA.
Use the first recovery code to log in. Then follow the process for regenerating recovery codes, which requires a second recovery code to verify.
Account Recovery
If you lose access to your device and also have lost your recovery codes, write to support@testlio.com from your Testlio email address. This starts a process to verify your identity and recover your account.
Troubleshooting
Code not accepted: Ensure your phone’s time is set to automatic/network time. TOTP depends on accurate device time.
Clock drift: If codes are often rejected near expiry, wait for the next 30-second window before retrying.
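The Python sketch below is an added example, not Testlio's code. It generates 6-digit, 30-second codes as described in How the Authenticator App Works and shows why a device with a badly wrong clock gets its code rejected, as noted in Troubleshooting. It assumes the standard RFC 6238 algorithm with HMAC-SHA1, a constructed sample secret and timestamps, and a server that accepts one step either side of the current one; the page does not state what the platform's server accepts.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid (from the page)
DIGITS = 6   # code length (from the page)

def totp(secret_b32: str, unix_time: float) -> str:
    """RFC 6238 TOTP using HMAC-SHA1 (assumed algorithm) for the given time."""
    key = base64.b32decode(secret_b32.upper())
    counter = int(unix_time) // STEP                  # which 30-second step we are in
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                           # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(secret_b32: str, code: str, server_time: float, window: int = 1) -> bool:
    """Accept the current step and `window` steps either side (assumed server policy)."""
    return any(
        hmac.compare_digest(totp(secret_b32, server_time + d * STEP), code)
        for d in range(-window, window + 1)
    )

# Constructed sample secret: the RFC 6238 test key, Base32-encoded as in a setup key.
SECRET = base64.b32encode(b"12345678901234567890").decode()

def demo() -> dict:
    """Compare devices whose clocks are accurate, slightly slow, and far off."""
    server_now = 160  # constructed timestamp, chosen so published test vectors apply
    results = {}
    for label, drift in [("accurate", 0), ("20s slow", -20), ("90s slow", -90)]:
        device_code = totp(SECRET, server_now + drift)  # code shown on the device
        results[label] = verify(SECRET, device_code, server_now)
    return results

if __name__ == "__main__":
    for label, accepted in demo().items():
        print(f"{label:>9}: {'accepted' if accepted else 'rejected'}")
```

The code is derived only from the shared key and the clock, which is why it works offline but fails when the device time is wrong.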
Good Security Practices
Do not store recovery codes on the same device as your authenticator app without proper encryption. If any code is exposed, regenerate a fresh set immediately from your security settings.
Store recovery codes in a reputable password manager with strong master password protection.
Enable device-level screen lock and biometric authentication on your device running the authenticator app.
Never drop below 3 valid recovery codes. You need at least 2 recovery codes to reset your access if you lose it, so be sure to regenerate codes when you start to run low.
