Later this month two-factor authentication (2FA) will be turned on across the websites run by the Digital.govt.nz team: Digital.govt.nz, Data.govt.nz and Govt.nz. We’ve decided to require 2FA following CERT NZ guidance on making sure accounts are secure.
If you have a content management system (CMS) login to one of these websites, you’ll need to set up 2FA by 27 September 2019, or you’ll be prompted to do it when you log in. Now is also a good time to change your password.
Resetting your password
It’s a good idea to regularly update your password, and if you haven’t done it in a while, you should do it now. Choose a strong password that you don’t also use on other accounts.
You can change your password by logging in to the admin area. See more instructions for updating your account. You’ll need to do this separately for each of the accounts you might have, including for UAT or test accounts.
How 2FA works
Before you can log into the CMS, a token (verification code) is sent to an app on your mobile phone. You will be asked to enter that token into the CMS log-in field to complete logging in.
Set up 2FA for the first time
If you need to download a 2FA app to your smart phone, you can use:
Follow these steps to set up and activate 2FA for the first time.
1. Log into the CMS
Log into the CMS by entering your username and password.
Select your account name in the menu on the left (Fig. 1):
From the top-bar navigation menu, select ‘Two factor authentication’ on the right (Fig. 2):
Then select the ‘click to activate’ button to activate 2FA (Fig. 3):
A pop-up will then appear with a QR code and instructions to scan the code (Fig. 4):
2. Scan the QR code with your phone
Use your smart phone's verification app to scan the QR code.
Your phone should then display a token (usually 6 digits).
3. Add the token in the CMS
Enter the verification token then press the ‘Activate’ button.
The pop-up window should then close, and you should see ‘Two-Factor Authentication is: ACTIVE’ (Fig. 5):
Now your 2FA is active.
4. What happens next?
You can stay logged into the CMS but the next time you log in you’ll need your phone/verification app.
How to log in with your 2FA
Log into the CMS with your email address and password as you do normally.
Get a new 6-digit security token from your mobile’s verification app.
Enter the security token under ‘Access token’ then press ‘Log in’ (Fig. 6):
Login or 2FA problems?
If you have any issues enabling 2FA, are unable to log into your account, or no longer need an account, please get in touch with us at firstname.lastname@example.org.
16 September 2019