Two Factor Authentication (2FA , MFA, OTP SMS and Email)

FAQ

How do I gain access to my website if I get locked out using multi-factor authentication?

You can obtain access to your website by one of the below options:

1. If you have an additional administrator account whose Two Factor (2FA) is not enabled yet, you can login with it.
2. If you had set up KBA questions earlier, you can use them as an alternate method to login to your website instead of 2FA.
3. Rename the plugin from FTP – this disables the Two-Factor (2FA/TFA) plugin and you will be able to login with your WordPress username and password.

For detailed information, Please check on our website.
You can also check our video Tutorial:

I want to enable Google Authenticator 2 Factor authentication (2FA) as the backup method?

You can use google authenticator as the backup method for your specific user or all users in the premium version of the two-factor authentication. [PREMIUM FEATURE]

I want to enable Two Factor Authentication (2FA/TFA) role-wise?

You can select the roles under the Login Settings tab to enable the plugin role-wise. [PREMIUM FEATURE]

I have enabled Two-Factor Authentication (2FA/TFA) for all users, what happens if an end-user tries to login but has not yet registered?

If a user has not set up Two-Factor yet, the user has to register by inline registration that will be invoked during the login.

I want to enable only one authentication method for my users. What should I do?

You can select the two-factor authentication methods under the Login Settings tab. The selected authentication methods will be shown to the user during inline registration for example if you select Google Authenticator it will be shown on login. [PREMIUM FEATURE]

I did not receive OTP while trying to register with miniOrange. What should I do?

The OTP is sent to the email address with which you have registered with miniOrange. If you can’t see the email from miniOrange in your emails, please make sure to check your SPAM folder. If you don’t see an email even in the SPAM folder, please submit a query in our Support Section in the plugin or you can contact us at info@xecurify.com.

I want to configure the 2nd factor by Google Authenticator.

Select the radio button next to Google Authenticator/Authy App and select the phone type and then scan the QR Code by Google Authenticator App. Enter the 6-digit code in the textbox and click on Save and verify button.

I want to configure the 2nd factor by the Authy 2-Factor Authentication(2FA/TFA) App.

Select the radio button next to Google Authenticator/Authy App and select the phone type and then scan the QR Code by Authy 2-Factor Authentication (2FA/TFA) App. Enter the 6-digit code from the Authy App into the textbox available and click on Save and Verify button.

I forgot the password of my miniOrange account. How can I reset it?

There are two cases according to the page you see –
1. Login with miniOrange screen: You should click on the forgot password link. You will get a new password on your email address with which you have registered with miniOrange. Now you can login with the new password.
2. Register with the miniOrange screen: Enter your email ID and any random password in the password and confirm the password input box. This will redirect you to log in with a miniOrange screen. Now follow the first step.

I have a custom/front-end login page on my site and I want the look and feel to remain the same when I add 2 factors?

If you have a custom login form other than wp-login.php then we will provide you with the shortcode. Shortcode will work only for the customized login page created from WordPress plugins. We are not claiming that it will work with all the customized login pages. In such a case, custom work is needed to integrate two factors with your customized login page. You can submit a query in our Support Section in the plugin or you can contact us at info@xecurify.com for more details.

I have a Woocommerce theme login page on my site. How can I enable Two Factor?

If you have Woocommerce theme login then go to Advanced Options Tab and check Enable Two-Factor for Woocommerce Front End Login. If you need any help setting up 2-Factor for your Woocommerce theme login form, please submit a query in our Support Section in the plugin or you can contact us at info@xecurify.com.

I have installed plugins that limit the login attempts like Limit Login Attempt, Loginizer, Wordfence, etc. Are there any incompatibilities with these kinds of plugins?

The limit login attempt kind of plugin limits the number of login attempts and blocks the IP temporarily. So if you are using 2 factors (2fa/TFA) along with these kinds of plugins then you should increase the login attempts (minimum 5) so that you don’t get locked out yourself.

If you are using any Security Plugin in WordPress like Simple Security Firewall, All in One WP Security Plugin and you are not able to login with Two-Factor.

Our Two-Factor plugin is compatible with most of the security plugins, but if it is not working for you. Please submit a query in our Support Section in the plugin or you can contact us at info@xecurify.com.

If you are using any render-blocking javascript and CSS plugin like Async JS and CSS Plugin and you are not able to login with Two-Factor or your screen got blank.

If you are using Async JS and CSS Plugin. Please go to its settings and add jquery to the list of exceptions and save settings. It will work. If you are still not able to get it right, Please submit a query in our Support Section in the plugin or you can contact us at info@xecurify.com.

My users have different types of phones. What phones are supported?

We support all types of phones. Smart Phones, Basic Phones, Landlines, etc. Go to Setup Two-Factor Tab and select the Two-Factor method of your choice from a range of 8 different options.

What if a user does not have a smartphone?

You can select OTP over SMS, Phone Call Verification, or Email Verification as your Two-Factor method. All these methods are supported on basic phones.

What if a user does not have a phone?

You can select Email Verification or Security Questions (KBA) as your Two-Factor method.

What if I am trying to login from my phone?

If your Security Questions (KBA) are configured then you will be asked to answer them when you are logging in from your phone.

I want to hide the default login form and just want to show login with my phone?

You should go to Login Settings Tab and check Login with Phone Only checkbox to hide the default login form.

I want to hide the default login form and just want to Google Authenticator OTP field?

You should go to Login Settings Tab

My phone has no internet connectivity and is configured 2nd factor (2FA) with the miniOrange App, how can I log in?

You can login using our alternate login method. Please follow the below steps to login:

• Enter your username and click on login with your phone.
• Click on Phone is Offline? button below QR Code.
• You will see a textbox to enter a one-time passcode.
• Open the miniOrange Authenticator App and Go to Soft Token Tab.
• Enter the one-time passcode shown in the miniOrange Authenticator App in the textbox, just like Google authenticator.
• Click on submit button to validate the OTP.
• Once you are authenticated, you will be logged in.

My phone is lost, stolen, or discharged. How can I login?

You can login using our alternate login method apart from 2FA. Click on the Forgot Phone link and you will get 2 alternate methods to login. Select “Send a one-time passcode to my registered email” to authenticate by OTP Over Email or Select “Answer your Security Questions (KBA)” to authenticate by knowledge-based authentication.

My phone has no internet connectivity and I am entering the one-time passcode from the miniOrange Authenticator App, it says Invalid OTP?

Click on the Settings Icon on top right corner in miniOrange Authenticator App and then press Sync button under ‘Time correction for codes’ to sync your time with miniOrange Servers. If you still can’t log in then please email us at info@xecurify.com or Contact us. Soft Token method is just like google authenticator method.

I am upgrading my phone.

You should go to Setup Two Factor (2FA) Tab and click on Reconfigure to reconfigure 2-Factor with your new phone.

What If I want to use any other second factor (2FA) like OTP Over SMS, Security Questions, Device Id, etc?

miniOrange authentication service has 15+ authentication methods. One-time passcodes (OTP) over SMS, OTP over Email, OTP over SMS and Email, Out of Band SMS, Out of Band Email, Soft Token, Push Notification, Security Questions, Mobile Authentication (QR Code Authentication), Phone Verification, Device Identification. To know more about authentication methods, click here. If you want to have any other 2-factor for your WordPress site, please email us at info@xecurify.com or Contact us.