Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

Two-factor authentication (2FA) increases the security of our CMS by asking you for a code in addition to your password.

Setting up 2FA

  1. Navigate to your CMS login screen (e.g. content.vic.gov.au)

  2. Enter your username and password and click ‘Log in’.

  3. You’ll see a warning message ‘You need to enable Two Factor Authentication’.

    image-20240910-054914.png

  4. Click on the ‘Enable Email OTP’ link. You’ll be asked to enter your password again.

  5. Tick the checkbox and click ‘Save’.

    image-20240910-032804.png

  6. The screen will change to show ‘TFA enabled’. You can then start working in the CMS.

    image-20240910-061820.png

  7. The next time you log in, you’ll see the following screen. You’ll see that the Verify button is greyed out. Click the Send button. (The screen will refresh and the Verify button will now be blue and available.)

    image-20240910-055319.png

  8. Go to your mail app/site and find the email with the code. Copy the code into the field and click on Verify.

  9. If you didn’t enter the code from your email before it expired, you can click the Resend button.

  • Each code sent to your email is set to expire after 10 minutes.

  • Each code expires after it is used.

Before you set up your 2FA, it’s important that your user account has your current email address.

You can check and update this by clicking on your username at the top of the screen and then Edit profile.

  1. image-20240910-043403.png

  1. Enter your current password

  2. Select ‘Confirm’

  3. Select and download your preferred 2FA application. If you already have a 2FA application, open it and look for the ‘add account’, ‘add token’ or a plus (+) symbol.

  1. Scan the QR code or enter 16-character code into the 2FA service. This will generate a 6-digit verification code.

  2. Enter the 6-digit code into the 'Application verification code' field in the CMS.

  3. Select 'Verify and save'.

This completes your 2FA setup.

To check if your 2FA is set up correctly, go to the 2FA tab on your profile page. It should say ‘Status: 2FA enabled’.

Recovery codes

As part of the 2FA set-up, you can generate one-time use recovery codes, which can be used in case you lose access to your 2FA application.

  1. Under the 2FA tab of your profile, select ‘Generate codes’.

  2. Enter your password when prompted.

  3. You will now see a set of 10 recovery codes. Copy and store these in a safe place so that you won’t lose them, and so that no one else can find them.

  1. Press ‘Save codes to accounts’.

You can view these recovery codes at any time from the 2FA tab in your profile settings.

Just select ‘show codes’ and enter your password when prompted.

Using your recovery codes

If you lose access to your 2FA application, you’ll need to use one of your recovery codes.

When asked for your application verification code, select ‘2FA Recovery Code’ under ‘Having trouble?'

Then enter one of your recovery codes when prompted and select verify.

Resetting your 2FA application

You can reset your 2FA application if you're switching to another 2FA service.

  1. In the CMS, select your username in the top left corner.

  2. Select ‘View profile’.

  1. Select '2FA' tab.

  2. Select ‘Reset application’.

  1. Enter your current password.

  2. Select ‘Confirm’.

The 2FA setup screen now displays. Now you can begin setting up your new 2FA.

If you press ‘Cancel’, you'll return to the 2FA tab. Your previous 2FA method will remain enabled.

Troubleshooting and getting help

Failed validation limit reached

You get 6 attempts within a 5-minute period to get your 6-digit 2FA verification code correctly.

If you get all 6 attempts wrong, you will see:

Error message:

Failed validation limit reached. 6 wrong codes in 5 min. Try again later.

If you reach the validation limit:

  1. Wait 5 minutes.

  2. Go to your CMS log in screen and try again.

    1. Refreshing or trying to log in again on the page you received the ‘failed validation limit’ page will result in a ‘page not found’ error.

If you are still receiving the ‘failed validation limit reached’ message after waiting 5 minutes, fill out an SDP support request. Be descriptive in your request so we can assist you as quickly as possible.

Losing or getting a new mobile device

If you lose your mobile device or get a new one, you won’t have access to your 2FA application.

If you set up your 10 one-time use recovery codes, use one of these to log in to your account.

If you lost your recovery codes or never received any, fill out an SDP support request.

No mobile device

If you do not have a mobile device, download ‘Protecc’ from the Windows store if you’re using a Windows computer, or ‘Authenticator 2FA | Sentinel' from the app store if you’re using a Mac.

2FA application already in use for another service

If you already use one of the 2FA applications for another account, you can still use the same app.

Look for the ‘add account’, ‘add token’ or a plus symbol on your application to add an additional 2FA service.

Ensure you use your government email associated with your CMS account if you are prompted to give an email address by any of the 2FA applications.

 

 

  • No labels