Two-factor authentication (TFA) or two-step verification adds an extra layer of security beyond a password. Acquia recommends enabling TFA on your Acquia ID-supported product accounts, which requires using an authentication app such as Google Authenticator or Authy along with your email and password. TFA is mandatory to access any TFA-enabled application in Acquia. In addition, you can adopt phishing-resistant MFA methods such as FIDO2 tokens or passkeys. These methods use cryptographic credentials that are unique to each service and cannot be stolen through phishing attacks, offering a much higher level of security than current authenticator apps. This MFA method aligns with federal standards such as NIST 800-63B. Acquia ID supports this additional configuration.

Supported mobile authentication applications¶

Acquia supports TFA through the following mobile authentication applications:

• Google Authenticator (Android, iPhone, or BlackBerry)
• Authy (Android or iPhone)
• Microsoft Authenticator (Android or iPhone)
• FreeOTP (Android)
• Other mobile authentication application, as long as it works with the Time-based One-time Password Algorithm (TOTP) (RFC 6238)

Supported biometric or security authenticators¶

Acquia supports TFA through the following options:

• Yubikey 5Ci
• Feitian BioPass
• HID Crescendo smart card
• Windows Hello on Windows 10 1903 and later
• Touch ID on MacBook
• Fingerprint on Android 7.0+
• Other WebAuthn-supported factors

Setting up TFA on your Acquia user account¶

For example, to set up TFA for Cloud Platform:

1. Access https://cloud.acquia.com/ or https://launchpad.acquia.com/.
2. Specify your email ID and password.
3. Click Sign in.
   The system displays the security methods that you can use to set up TFA for your account. If your organization owner or administrator has mandated that you set up TFA, you must configure at least one TFA option. However, you can optionally set up additional TFA methods.

4. Click Set up for one of the following options:

   Authenticator

   Security Key or Biometric Authenticator

   1. Launch your mobile authentication application and scan the QR code. 
      Alternatively, if you are unable to scan the QR code through your application, do the following:
      1. Open the mobile authentication application on your phone or other device.
      2. Click the plus (+) icon.
      3. Click Enter a setup key.
      4. In Account name, enter your Acquia account username.
      5. In Your key, specify the code displayed on the Set up Authenticator page.
   2. In Enter code, specify the verification code displayed in your mobile authentication application.
   3. Click Verify.
      The system sends an email notification to inform you that a security method is added to your account.
   4. Click Continue.
5. To set up additional TFA method, repeat the preceding steps for the option that you did not select earlier.

Adding optional TFA methods¶

After you set up at least one TFA method for the Acquia ID-supported product, you might want to add additional methods. For example, to add an optional TFA method for Cloud Platform:

1. Access https://cloud.acquia.com/ or https://launchpad.acquia.com/.
2. Specify your login credentials and sign in.
3. Click your profile icon at the top right corner.

4. Click Manage Account.

   
5. In Multi-factor Authentication, click the plus icon corresponding to the TFA method that you want to add.
6. Enter your login password and click Verify.
7. Click Set up and do the steps as mentioned in the Setting up TFA on your Acquia user account section.
   This adds the new TFA method to your user account and the system sends an email notification to inform you that a security method is added to your account.

Deleting TFA methods¶

After you set up at least one TFA method for the Acquia ID-supported product, you might want to delete such methods. For example, to delete a TFA method for Cloud Platform:

1. Access https://cloud.acquia.com/ or https://launchpad.acquia.com/.
2. Specify your login credentials and sign in.
3. Click your profile icon at the top right corner.
4. Click Manage Account.
5. In Multi-factor Authentication, click the delete icon corresponding to the TFA method that you want to remove.
6. Enter your login password and click Verify.

7. Verify through the TFA method that you want to delete.

   This removes the existing TFA method from the system and sends an email notification informing the same.

Signing in to any Acquia ID-supported product user interface  ¶

The sign-in experience for any Acquia ID-supported product is governed by it. For example, to sign in to the Cloud Platform user interface:    

1. After you create a Cloud Platform subscription or get your Cloud Platform account created, access the Cloud Platform user interface through https://cloud.acquia.com/ or https://launchpad.acquia.com/. 
   The system displays the following page, which is powered by Acquia ID:

   
2. Enter your credentials and click Sign in.  
3. Based on the TFA method that you set up earlier, perform the necessary verification steps and log in.      
4. If you log in through https://launchpad.acquia.com, access Cloud Platform, and click Launch.
   The system logs you in to Cloud Platform. You do not need to specify your credentials again. 
   However, if you log in through https://cloud.acquia.com, the system displays the Cloud Platform user interface directly.        

Unlocking account    ¶

Acquia ID provides enhanced security, alerting users when their accounts are targeted by malicious actors. If there are multiple failed login attempts, Acquia sends you email notifications to inform you about the suspicious activity. However, you can unlock your account. For example, to unlock your Cloud Platform account:    

1. Access https://cloud.acquia.com/ or https://launchpad.acquia.com/.             

2. Click Unlock account.            

3. Enter the email address that you want to unlock.                   

4. Select one of the following options: