What is Two-Step Verification?

Two-Step Verification, a.k.a. Two Factor Verification (2FA), makes your account more secure by requiring two things in order to log in: something you know and something you own.

How does it work?

"Something you know" is your username and password, while "something you own" can be an application to generate a temporary code.

It is strongly recommended that you set up 2FA on your AnyHow account in your profile Two-Step Verification page.

Users who have chosen to set up 2FA will be asked to provide their second method of identity verification during the log in process.

How does 2FA with an authentication application (TOTP) work?

AnyHow users can set up 2FA using any authentication application that supports the TOTP standard.

TOTP authentication applications generate a regularly changing authentication code to use when logging into your account.

Because TOTP is an open standard, there are many applications that are compatible with your AnyHow account. Popular applications include:

For security reasons, AnyHow only allows you to set up one application per account.

How do I set it up on AnyHow?

To set up 2FA with an authentication application:

  1. Open an authentication (TOTP) application.
  2. Log in to your AnyHow account, go to your Manage Profile page, and click Enable 2FA in "Two-Step Verification (2FA)" section.
  3. AnyHow will generate a secret key, specific to your account. This is displayed as a QR code, and as a key code.
  4. Scan the QR code with your authentication application, or type it in manually. The method of input will depend on the application you have chosen.
  5. Your application will generate an authentication code - use this to verify your set up on AnyHow.
  6. The AnyHow server and your application now share your AnyHow secret key, allowing your application to generate valid authentication codes for your AnyHow account.

Next time you log in to AnyHow you'll need to:

  1. Provide your username and password, as normal.
  2. Open your authentication application to generate an authentication code.
  3. Use this code to finish logging into AnyHow.

Note: If you lose your authentication application and can no longer log in, you may permanently lose access to your account. You should securely store generated Backup Verification Codes to regain access in that event.

How does 2FA with a Backup Verification Codes work?

If you lose access to your authentication application, you can use these codes to sign into AnyHow.

Backup codes are one time use and are generated when you enable 2FA in AnyHow. They are not a substitute for an authentication application and should only be used for recovery. After using a backup code to sign in, it becomes inactive. When you enable 2FA in AnyHow, backup codes will be shown to you, copy and store the codes in a safe location.

To generate new backup codes:

  1. Log in to your AnyHow account, go to your profile Two-Step Verification page, and choose Generate New Codes.
  2. Securely store the displayed codes! Consider printing them out and storing them in a safe location or saving them in a password manager.

To sign in with a recovery code:

  1. Provide your username and password, as normal.
  2. When prompted for Two-Step Verification, enter one of your backup codes.
  3. As each code can be used only once, you might want to mark the code as used.
  4. If you have few recovery codes remaining, you may also want to generate a new set using the Generate New Codes button in your account settings.