Using two-step verification with your Acquia user account

What is two-step verification?

Two-step verification (sometimes called two-factor authentication, or TFA) is more secure than password authentication alone. With two-step verification enabled, a user signing in to the Acquia Cloud interface must supply not just a user email address and password, but also a code sent to a trusted device, using either an authentication application or an SMS text message.

The Acquia Cloud interface requires you to sign in again if it has been more than 90 minutes after the last time you signed in.

Setting up two-step verification on an Acquia user account

When you sign in to the Acquia Cloud interface, you are directed to the Two-Step Verification setup page. You can also enable or disable two-step verification at any time from your Acquia Profile, as described in Modifying two-step verification settings. To set up two-step verification, do the following:

  1. Select how you want to receive verification codes (mobile authentication application or text message). Using a mobile authentication application is recommended. Using text messages is possible only for US or Canada phone numbers that can receive SMS messages.

    Setting up two-step verification

  2. Enter your Acquia password.
  3. Click Begin to go to the next page.
  4. The two-step verification setup process will continue based on the method that you selected for your verification codes:
    • Using a mobile application

      If you selected Mobile Application as your verification method, complete the following steps:

      1. Select the mobile authentication application that you want to use, and then click Continue to go to the next page. See Supported mobile authentication applications.
      2. Open your mobile authentication application on your phone or other device. Either point it at the QR code displayed on the Two-Step Verification Code page, or enter the Acquia Text Code.
      3. In the Application verification code field on the Two-Step Verification Code page, enter the verification code displayed by your mobile authentication application.

      Supported mobile authentication applications

      Acquia two-step verification supports the following mobile authentication applications:

      In addition, you can use any other mobile authentication application, as long as it works with the Time-Based One-Time Password Algorithm (TOTP) (RFC 6238).

    • Using text messages

      If you selected Text Messages (SMS) as your verification method, compete the following steps:

      1. Enter your mobile telephone number. This number must be a US or Canada number and must be able to receive SMS messages. Standard carrier rates may apply.
      2. Click Send code.
      3. You will receive a verification code at the phone number you specified. Enter it in the SMS verification code field, and then click Verify.

Marking your browser as trusted

After you enter your verification code, you can optionally mark as trusted the browser on the device that you used to set up two-step verification. When you mark the browser as trusted, Acquia stores your browser information. You can then sign in to the Acquia Cloud interface from this browser on the same device with just a user name and password for 30 days. After 30 days, you will need to enter a verification code once again.

To mark a browser as trusted, complete the following steps:

  1. Optionally, enter a name for this browser on this device. If you don't provide a custom name, the Acquia Cloud interface uses the name of the browser (for example, Firefox or Chrome).

    Trust a browser

  2. Click Trust.

To mark a browser as no longer trusted, complete the following steps:

  1. Click your name in the upper right of the Acquia Cloud interface, and then click the Edit profile link to open your Acquia profile.
  2. In your Acquia profile, click the Credentials tab.
  3. On the Credentials page, in the Two-Step Verification section, find your browser in the Trusted browsers list.
  4. Click the Remove link for the browser you no longer want to trust.

Setting up a fallback method

After you set up two-step verification, you should then set up a fallback method. This is optional, but strongly recommended. If you set up a mobile authentication application as your primary method of verification, then SMS text message is your fallback method, and vice versa.

If you set up a mobile authentication application as your primary method of verification, complete the following steps:

  1. Enter your mobile telephone number. This number must be a US or Canada number and must be able to receive SMS messages. Standard carrier rates may apply.
  2. Click Set up fallback.
  3. You will receive a verification code at the phone number you specified. Enter it in the SMS verification code field, and then click Continue.

Using your fallback method

To use your fallback method, when you are prompted for a verification code, click the Having trouble? link. Acquia then sends a verification code using your fallback method. Enter this code and click Verify.

Recording your recovery codes

As another form of fallback verification, when you set up two-step verification, Acquia creates a set of recovery codes that you can use to gain access to your account when you don't have your phone available. You should print or write them down and store in a secure place. It is strongly recommended that you do not store your recovery codes on a device.

You can view your recovery codes if you are already signed in to the Acquia Cloud interface, on your Profile > Credentials page.

Using a recovery code

To use a recovery code, complete the following steps:

  1. Sign in to the Acquia Cloud interface with your email and Acquia password.
  2. Click the Having trouble? link or Don't have your code? link when prompted for your verification code.
  3. Enter your recovery verification code and click Recover.

After you have recorded your recovery codes, click Finish.

Modifying two-step verification settings

You can modify your two-step verification settings at any time. To do so:

  1. Click your name in the upper right of the Acquia Cloud interface, and then click the Edit profile link to open your Acquia profile.

    Editing profile credential settings

  2. In your Acquia profile, click Credentials.
  3. On the Credentials page, in the Two-Step Verification section, edit the settings you want to change.

You can change your primary and fallback verification methods (mobile authentication application or SMS text message), phone number, or trusted browsers. You can also view your recovery codes.

Authorizing a new device

If you get a new phone, you can install the mobile authentication application of your choice on the new phone and then modify your Profile > Credentials settings in the Acquia Cloud interface with a new verification code. That, of course, assumes that you can still sign in to the Acquia Cloud interface without a verification code, which you can do if you have marked your browser as trusted and your browser is still within the 30 days' trusted period. If that is not the case and you need to enter a verification code to sign into the Acquia Cloud interface, you can:

If neither of these methods works or is available to you, click the Still having trouble? Contact us link to obtain a phone number which you can use to contact Acquia Support.

Contact supportStill need assistance? Contact Acquia Support