Two Factor Authentication Topic is solved

[davidh221]

How do you receive your TFA code if you do not have your mobile phone. Is there an option in the setup for the code to be sent to an email address or landline either instead of a mobile phone or as well as a mobile phone. I am using Joomla 3.10.8

[Webdongle]

Use one of your gmail backup codes?

[AMurray]

Yes, you should have seen the one-time use emergency passcodes.
https://docs.joomla.org/J3.x:Two_Factor_Authentication

A bit late to shut the stable door, after the horse has bolted (so to speak), so I don't know what the next step would be.

[Webdongle]

Have you lost your phone permanently or do you just want an alternative to the phone?
If the former then report it stolen, buy another phone and get your network provider to send you a new sim.

[davidh221]

No I have not lost my mobile phone, but I do not want to be reliant on one device. I need 24/7 access to my website, in other words around the clock, which is why I need a fall back solution just in case.
I have not set up the TFA yet, just thinking ahead. Because I could not find how the TFA works in detail which is why I am asking before I set it up. The basic process is explained, but not the detail.
I could not find anywhere how you get these codes before I go ahead and implement TFA. How do you get a gmail back up code. Is there anyway of testing the system to see how it works without actually implementing the TFA. I know how the technical engineering side of the mobile system works as I work in that industry for many years.
Thanks.

[Webdongle]

... I need 24/7 access to my website, in other words around the clock, which is why I need a fall back solution just in case....

That's what the backup codes are. You can only use each one once but you can generate new ones when you need to.

[AMurray]

You generate the backup codes, once you have activated 2FA, not before and its advisable to print them and keep them somewhere safe.

You can use the authenticator app or Yubikey in the Joomla default plugin.

An alternative is Akeeba LoginGuard, which has more authenticator methods:

• Authenticator App
• YubiKey
• Webauthn
• Pushbullet
• Text Message
• Email

I believe you can set up more than one of the above methods simultaneously. When logging on, it will list the 2FA methods you activated, you choose whichever one you want to use, it will generate the code, and you input the code from whichever method you've used. e.g. will send you the SMS or email with the code, or use the code generated by the app, etc.

[davidh221]

Thanks A Murray, your suggestion using Akeeba LoginGuard was very useful. Having read through the documentation which goes into a lot of detail left me feeling happier about using a 'Two Step Verification' system.
Thank you again for your time.
Best regards
David.

[Per Yngve Berg]

I installed an topp app on my Linux station. It's in the Ubuntu repository.

Exported the Keys from the Google Authenticator and imported. I now have it on two device. Some TOTP providers also provide sync between your devices.