To further protect your profile, you can enable login verification. Login verification adds an extra layer of security using one-time passwords generated by another device (such as your phone). Thus in order to access your profile, an attacker will need to have access to your device as well as knowing your user name and password.

What you need

You will need a device (such as a smartphone) that supports RFC 6238 Time-based One-time Password Algorithm. Examples of smartphone apps support this algorithm include:

  • Google Authenticator
  • Microsoft Authenticator
  • FreeOTP

How to enable

  1. Login verification is implemented in an authentication scheme module called OTPAuthSchemeModule. To enable this module, open the config.php file and add SimpleID\Auth\OTPAuthSchemeModule under modules.
  2. Log in to SimpleID
  3. From the My Profile page, go to the Login Verification box, then click Enable.
  4. Enter the key shown on the page into your device. If your device supports scanning QR codes, you can also scan the QR code shown.
  5. Enter the 6 digit verification code shown on your device and click Verify.

Login verification is then enabled. Every time you attempt to log in using this account, you will be prompted to enter the 6 digit verification code shown on your device.

How to disable

  1. Log in to SimpleID
  2. From the My Profile page, go to the Login Verification box, then click Disable.

How to recover

If login verification is enabled and you have lost the device that generates the verification code, you can recover your account.