To secure your access to the Testlio platform and ensure it is really you logging into your account, you need to set up an authenticator app that generates temporary passwords for two-factor authentication (2FA). Once you do so, you can no longer use your phone number for logging into the Testlio platform.
To ensure you keep access to your account, set up 2FA with 2 devices (your phone and your computer) so losing access to one device doesn’t mean losing access to the Testlio platform.
How the Authenticator App Works
The authenticator app is based on the time-based one-time password (TOTP) algorithm, a standard method for authenticating users. It adds a rotating, app-generated code to the login process.
It is more secure and reliable than SMS-based 2FA because codes are generated locally on your device and are not dependent on mobile networks. This means it works even when your device is offline, as long as your device time is accurate.
TOTP is time-based. Each code is valid for only 30 seconds to reduce the risk of reuse by attackers.
What You Need
It is important to set up 2FA on 2 devices (phone and computer) to make sure you don’t get locked out of your account if you lose access to one of them.
A compatible authenticator app on your phone: Google Authenticator, Microsoft Authenticator, Authy, or similar.
A compatible password manager that handles TOTP on your computer (such as 1Password or Bitwarden).
A secure place to store recovery codes (such as your password manager).
Set Up Authenticator App
Your authenticator app takes precedence over text message (SMS) 2FA. Once you turn on the authenticator app, you no longer receive texts with login codes and can only use the authenticator app or a recovery code.
In the Testlio platform, open your profile.
By the basic info, click Edit profile.
Under Security next to Authenticator application, click Set up.
For each device you want to add (password manager on your computer, authenticator app on your phone), either scan the QR code or enter the key manually.
Enter the 6-digit code from any device you have added and click Confirm.
Download or copy the recovery codes.
Save the recovery codes in your password manager.
Select that you have saved the codes.
Click Confirm.
Your recovery codes are crucial if you lose your device, change phones, or accidentally delete the authenticator app. Store them securely. See Good Security Practices.
Log In with Authenticator App
On the login screen, enter your username and password.
Click Log in.
When prompted for a code from your authenticator app, enter the current 6-digit code from the app (either of the two that you set up).
Codes refresh every 30 seconds. If a code fails, wait for the next code and retry. See also Troubleshooting.
Click Verify.
You enter the Testlio platform.
Use Recovery Codes (If You Can’t Access Your Device)
Each recovery code is valid for a single use: once you use it, you can’t use it again.
To log in with a recovery code, follow these steps:
On the login screen, enter your username and password.
Click Log in.
Enter one of your codes.
Click Verify.
You enter the Testlio platform. If you are using a recovery code because you lost access to your device or authentication application, follow the steps to set up a new authenticator app.
Regenerate Recovery Codes
Because each recovery code is valid for only a single use, you can run low on codes over time. Regenerate codes so you don’t run out. Note that regenerating codes invalidates your existing codes and your existing authenticator connection.
Generate new codes by following these steps:
In the Testlio platform, open your profile.
By the basic info, click Edit profile.
Under Security next to Authenticator application, click Turn off.
Enter a code from your authenticator app or an existing recovery code.
Click Confirm.
Follow the steps to set up a new authenticator app.
Handle Device Changes
Add a New Device
You can only add new devices when initially setting up an authenticator app. This means that to add a new device (whether a second device or a replacement for the first), you first need to turn off the existing app. To do so, you need to confirm the action using the authenticator app you have already set up.
Once your existing authenticator application is off, follow the steps for setting up an authenticator app on the new device.
Lost Device (or Reset Device or Deleted Authenticator App)
If you have lost the device where you had an authenticator app set up, use the TOTP from your computer. And if you lose access to your computer, use the app from your device.
Otherwise, you need to use 2 recovery codes to reset your 2FA.
Use the first recovery code to log in. Then follow the process for regenerating recovery codes, which requires a second recovery code to verify.
Troubleshooting
If your codes aren’t working, try these actions:
Fix the device time: Ensure your device time is set to automatic/network time. TOTP depends on accurate device time, and even slight differences in time can cause the codes to stop working.
See examples of what to do with the Google Authenticator app.
Wait for the next code: If codes are often rejected near expiry, wait for the next 30-second window before retrying.
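To show why two devices with the same key display the same code, and why a wrong device clock makes codes fail, here is an added example (not Testlio's code) of standard TOTP as defined in RFC 6238. Assumptions: HMAC-SHA1 as the hash, the RFC test secret as a constructed sample key, and a server that tolerates one 30-second window of drift; this page does not state what the Testlio platform uses for any of these.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code stays valid, as stated on this page
DIGITS = 6   # code length, as stated on this page

def totp(secret_b32: str, unix_time: float, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP using HMAC-SHA1 (assumed; a common authenticator default)."""
    secret = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(secret + "=" * (-len(secret) % 8))
    counter = int(unix_time) // step               # index of the current 30 s window
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                        # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret_b32: str, code: str, server_time: float, drift_windows: int = 1) -> bool:
    """Accept the current window or up to drift_windows either side (assumed policy)."""
    for delta in range(-drift_windows, drift_windows + 1):
        expected = totp(secret_b32, server_time + delta * STEP)
        if hmac.compare_digest(expected, code):    # constant-time comparison
            return True
    return False

# Constructed sample key: the RFC 6238 test secret, Base32-encoded like the
# key you can enter manually instead of scanning the QR code.
SAMPLE_KEY = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    now = 1111111111                               # constructed server time
    print("phone   :", totp(SAMPLE_KEY, now))      # both devices hold the same key,
    print("computer:", totp(SAMPLE_KEY, now))      # so both show the same code
    for skew in (0, -30, -120):                    # device clock behind by N seconds
        code = totp(SAMPLE_KEY, now + skew)
        ok = verify(SAMPLE_KEY, code, now)
        print(f"device clock {skew:>4}s -> code {code} accepted={ok}")
```

The code depends only on the shared key and the clock, which is why it works offline and why setting the device to automatic/network time fixes rejected codes.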
Account Recovery
If you have codes but they aren’t working, first try troubleshooting.
If you lose access to your device and also have lost your recovery codes, write to support@testlio.com from your Testlio email address. This starts a process to verify your identity and recover your account.
Good Security Practices
Do not store recovery codes on the same device as your authenticator app without proper encryption. If any code is exposed, regenerate a fresh set immediately from your security settings.
Store recovery codes in a reputable password manager with strong master password protection.
Enable device-level screen lock and biometric authentication on your device running the authenticator app.
Never drop below 3 valid recovery codes. You need at least 2 recovery codes to reset your access if you lose it, so be sure to regenerate codes when you start to run low.
