Skip to main content

Securing your CMS accounts

Later this month two-factor authentication (2FA) will be turned on across the websites run by the Digital.govt.nz team: Digital.govt.nz, Data.govt.nz and Govt.nz. We’ve decided to require 2FA following CERT NZ guidance on making sure accounts are secure.

If you have a content management system (CMS) login to one of these websites, you’ll need to set up 2FA by 27 September 2019, or you’ll be prompted to do it when you log in. Now is also a good time to change your password.

Resetting your password

It’s a good idea to regularly update your password, and if you haven’t done it in a while, you should do it now. Choose a strong password that you don’t also use on other accounts.

You can change your password by logging in to the admin area. See more instructions for updating your account. You’ll need to do this separately for each of the accounts you might have, including for UAT or test accounts.

Two-factor authentication

How 2FA works

Before you can log into the CMS, a token (verification code) is sent to an app on your mobile phone. You will be asked to enter that token into the CMS log-in field to complete logging in.

Set up 2FA for the first time

If you need to download a 2FA app to your smart phone, you can use:

Follow these steps to set up and activate 2FA for the first time. 

1. Log into the CMS

Log into the CMS by entering your username and password.

Select your account name in the menu on the left (Fig. 1):

Fig. 1. Screen shot of account name on left-hand menu.

Fig. 1. Screen shot of account name on left-hand menu

From the top-bar navigation menu, select ‘Two factor authentication’ on the right (Fig. 2):

Screen shot of top navigation bar with two factor authentication tab.

Fig. 2. Screen shot of two-factor authentication tab

Then select the ‘click to activate’ button to activate 2FA (Fig. 3):

Screen shot showing click to activate button

Fig. 3. Screen show of click to activate button

A pop-up will then appear with a QR code and instructions to scan the code (Fig. 4):

Screen shot showing verification token field on left and activate button

Fig. 4. Screen shot of verification token field and activate button

2. Scan the QR code with your phone

Use your smart phone's verification app to scan the QR code.

Your phone should then display a token (usually 6 digits).

3. Add the token in the CMS

Enter the verification token then press the ‘Activate’ button.

The pop-up window should then close, and you should see ‘Two-Factor Authentication is: ACTIVE’ (Fig. 5):

Screen shot showing two factor authentication is active

Fig. 5. Screen shot of 2FA active status

Now your 2FA is active.

4. What happens next?

You can stay logged into the CMS but the next time you log in you’ll need your phone/verification app.

How to log in with your 2FA

Log into the CMS with your email address and password as you do normally.

Get a new 6-digit security token from your mobile’s verification app.

Enter the security token under ‘Access token’ then press ‘Log in’ (Fig. 6):

Screen shot showing security token field and log in button

Fig. 6. Screen shot showing access token field.

Login or 2FA problems?

If you have any issues enabling 2FA, are unable to log into your account, or no longer need an account, please get in touch with us at info@digital.govt.nz.

On 16 September 2019

Have your say about this page

Is there something wrong with this page?

Last Updated

Page last updated: