Two-factor authentication (2FA)

Securing your GrapheneDB account

Two-factor authentication (2FA) adds an extra layer of security to your GrapheneDB account.

Once enabled, you’ll be asked to verify your identity each time there is an attempt to sign in to your account. In order to verify your identity, you will be asked to enter a one-time verification code.

This extra layer of security means even if your password is compromised or stolen, malicious login attempts will be blocked if the necessary verification code is not provided.

For these reasons, we strongly encourage all users to turn on 2FA for their accounts.

Enabling two-factor authentication

Before you begin, please make sure that you’ve downloaded an authenticator app for your phone. We recommend Google Authenticator (Android, iOS) or Authy (Android, iOS). Alternatively, you can also receive verification codes via SMS.

To turn on two-factor authentication on GrapheneDB, please navigate to the Account section and click the Enable 2FA button at the end of the Settings page.

A new window will be displayed. Please follow the instructions to activate 2FA:

1. Scan the code and enter the validation code from your authenticator app

When you scan the QR code generated on our website, the authenticator application of your choice will generate a verification code. This code is used to sync your account with our servers and to generate subsequent verification codes. Enter this code and click Continue.

2. Download recovery codes

We will show you a list of 10 alphanumeric recovery codes. These codes are a fallback mechanism so you can log in to GrapheneDB should you lose access to your app or phone.

Please copy or download these codes and keep them safe! If you can't access your device for any reason, you will need them to access your account again.

3. Adding a fallback phone number

In addition to your authenticator application, you can also add a fallback phone number to your account. This ensures you have a backup way to verify your identity should you lose access to your authenticator app (for example, if your phone gets stolen or wiped).

An SMS can be sent to the phone number during login to recover access to your account in case you lose access to your authenticator app (e.g. if your phone is wiped) and you don’t have access to your recovery codes (see below).

Managing recovery options

Recovery codes

Recovery codes are provided as a backup way to verify your identity should you lose access to the application you typically use to authenticate. We will provide you with a list of 10 recovery codes after 2FA is enabled on your account. These codes are only shown once, so we strongly recommend that you copy/download them and keep them safe.

Regenerating recovery codes

If for any reason your recovery codes are lost or compromised, you can regenerate them. This action will invalidate the old recovery codes and you should copy/download the new recovery codes.

To regenerate recovery codes, navigate to the Account menu, scroll down to the Two-factor authentication section and click on Create new recovery codes.

Managing your fallback phone number

Adding a fallback phone number

If you did not add a fallback phone number during activation, you’ll be able to add it anytime from the Two-factor authentication section.

Once your phone is validated, you will see this reflected in the Two-factor authentication section.

Editing and removing your fallback phone number

If you have successfully added a fallback phone number, you will be able to edit the number or remove it at any time from the Two-factor authentication section.

Disabling two-factor authentication

You can disable two-factor authentication by clicking the Disable 2FA button in the Two-factor authentication section of the Settings page.

Signing in with 2FA

With 2FA enabled, you will be asked to provide a 2FA authentication code in addition to your password when signing in to GrapheneDB.

By default, the 2FA authentication code will be generated by a time-based one-time password (TOTP) application. If you have configured a fallback phone number, you can also have a code delivered to your phone via SMS.

Using a TOTP application

Once you have configured a TOTP application on your smartphone, such as Google Authenticator or Authy, the app can generate a 2FA authentication code for GrapheneDB at any time.

After entering your email address and password, you’ll be asked for a two-factor authentication code. In most cases, launching the application will generate a new code. Please refer to your application’s documentation for specific usage instructions.

Should you lose your phone or delete the application from your phone, you’ll need to use a recovery code or a code sent to your fallback phone (if you have configured one) to access your account.
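How a scanned QR code turns into time-based codes, as an added example that is not GrapheneDB's code: it follows RFC 6238 with the common defaults (HMAC-SHA1, 6 digits, 30-second period), which are assumptions because this page does not state the service's parameters. `SAMPLE_URI`, `parse_otpauth` and `TotpVerifier` are illustrative names, and the secret is the RFC test key.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, urlparse

# Constructed sample of what a 2FA QR code encodes. The secret is the
# RFC 6238 test key, not a real account secret.
SAMPLE_URI = ("otpauth://totp/Example:user@example.com"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example")

def parse_otpauth(uri):
    """Return (key bytes, digits, period) from an otpauth://totp URI."""
    parts = urlparse(uri)
    if parts.scheme != "otpauth" or parts.netloc != "totp":
        raise ValueError("not a TOTP provisioning URI")
    query = parse_qs(parts.query)
    secret = query["secret"][0].upper()
    secret += "=" * (-len(secret) % 8)           # restore stripped base32 padding
    digits = int(query.get("digits", ["6"])[0])
    period = int(query.get("period", ["30"])[0])
    return base64.b32decode(secret), digits, period

def totp(key, now, digits=6, period=30):
    """RFC 6238 code for Unix time `now` (HMAC-SHA1, dynamic truncation)."""
    counter = struct.pack(">Q", int(now) // period)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class TotpVerifier:
    """Server side: tolerate one step of clock drift, refuse replayed codes."""
    def __init__(self, key, digits=6, period=30, window=1):
        self.key, self.digits, self.period, self.window = key, digits, period, window
        self.last_step = -1                       # newest time step already accepted

    def verify(self, code, now):
        step = int(now) // self.period
        for s in range(max(0, step - self.window), step + self.window + 1):
            expected = totp(self.key, s * self.period, self.digits, self.period)
            # Only steps newer than the last accepted one count, so a code cannot be reused.
            if s > self.last_step and hmac.compare_digest(expected.encode(), code.encode()):
                self.last_step = s
                return True
        return False
```

Both sides derive the code from the same secret and the current time, which is why a phone with a badly wrong clock produces codes the server rejects.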

Using your fallback number

If you have configured a fallback phone number, you’ll be able to get an SMS in case you don’t have access to your TOTP app, by clicking on get a code via SMS.

Please enter the 6-digit code you should have received via SMS. If you don’t receive an SMS within a couple of minutes, you can retry the operation, by clicking on Resend SMS.

Using recovery codes

After entering your credentials in the login page, you will be requested to enter your two-factor code. In case you can’t access your authenticator app, you can use your recovery codes by clicking on the bottom link Enter a recovery code.

Please note: each recovery code is only valid once. Ensure you will have valid codes to enter next time by regenerating them as needed.
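The recovery-code rules described on this page (10 codes, shown once, each valid once, regeneration invalidates the old set) can be sketched server-side as follows. This is an added example, not GrapheneDB's implementation; the `RecoveryCodes` class, the 12-character code length and the PBKDF2 parameters are assumptions.

```python
import hashlib
import hmac
import secrets
import string

ALPHABET = string.ascii_lowercase + string.digits
CODE_COUNT = 10       # the page states 10 recovery codes
CODE_LENGTH = 12      # assumption: the page does not give a length

class RecoveryCodes:
    """Hypothetical store that keeps only salted hashes of the codes."""

    def __init__(self):
        self._salt = b""
        self._hashes = set()

    def _digest(self, code):
        normalized = code.strip().lower().encode()
        return hashlib.pbkdf2_hmac("sha256", normalized, self._salt, 100_000)

    def regenerate(self):
        """Replace every stored code; return the plaintext list to show once."""
        self._salt = secrets.token_bytes(16)
        codes = ["".join(secrets.choice(ALPHABET) for _ in range(CODE_LENGTH))
                 for _ in range(CODE_COUNT)]
        self._hashes = {self._digest(c) for c in codes}   # old hashes are dropped
        return codes

    def redeem(self, code):
        """Accept a code at most once, comparing in constant time."""
        candidate = self._digest(code)
        for stored in list(self._hashes):
            if hmac.compare_digest(stored, candidate):
                self._hashes.remove(stored)               # single use
                return True
        return False

    def remaining(self):
        return len(self._hashes)
```

Because only hashes are kept, the plaintext codes cannot be displayed again later, which matches the "shown once" behaviour above.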

Recovering from a lockout

Please don’t reset your password if you have been locked out due to a 2FA issue.

To prevent a lockout, we strongly encourage you to always keep a copy of your recovery codes safe, and to add a fallback phone number.

If you have lost access to your authenticator app and recovery codes, and you didn’t add a fallback phone number, please contact us at account-lockout@graphenedb.com.

We will try to verify the ownership of your account to the best of our ability.