Two-Factor Authentication of Developer Account using Google Authenticator
The *Cosync Portal uses the Google Authenticator to provide two-factor authentication as an extra layer of security to control access to a developer account. From the developer’s standpoint, access to the portal must be tightly controlled as it provides access to authentication services to potentially sensitive MongoDB Realm applications. If enabled, the two-factor authentication requires that the developer install the Google Authenticator app on a mobile device. For more information about the Google Authenticator application, please consult this link.
The Google Authenticator works by sending the developer’s device a six-digit code that periodically changes every minute. Only by entering that code during the login process can the developer be granted access to the CosyncJWT portal. Since the code is transient, it cannot be stolen and reused at a later time, but requires that the developer be registered with Google Authenticator, have the app open at the time of login.
To turn on two-factor authentication for a developer account simply toggle the 2-factor authentication button in the profile tab in the interface. You will then be presented a QRCode with the secret key for the Cosync application that can be scanned in by the Google Authenticator app.
If as a developer you are logged out and lose the Google Authenticator code, the only way to get back into your account is to go through the Forgot Password function. Reseting your password through your email account, will turn off two-factor authentication. This can be reactivated once you have logged in with the reset password.