X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=doc%2FTwo-Factor-Authentication.md;h=b413f9f2537f8fc766977807881625dbe27537b2;hb=4e1263c1f8aa0a3aeba0a95929678c18fc5a3c90;hp=32aa7308a357ae826138637ed08e0fce0212fb74;hpb=8e885f5b971320c1f86075f86ce085cf39c4bd13;p=friendica.git diff --git a/doc/Two-Factor-Authentication.md b/doc/Two-Factor-Authentication.md index 32aa7308a3..b413f9f253 100644 --- a/doc/Two-Factor-Authentication.md +++ b/doc/Two-Factor-Authentication.md @@ -13,7 +13,7 @@ If 2FA is already enabled and you want to add another device, you must re-config ### 1. Download an authenticator app Any authenticator app should work with Friendica. -Notheless, we recommend: +Nonetheless, we recommend: - For iOS, [Matt Rubin's MIT-licensed Authenticator app](https://mattrubin.me/authenticator). - For Android, [andOTP](https://github.com/andOTP/andOTP). @@ -58,3 +58,24 @@ In this case you will have to configure your authenticator app again using the p When two-factor authentication is enabled, you can show your recovery codes, including the ones you've already used. You can freely regenerate a new set of fresh recovery codes, just be sure to replace the previous ones where you saved them as they won't be active anymore. + +## Third-party applications and API + +Third-party applications using the Friendica API can't accept two-factor time-based authentication codes. +Instead, if you enabled two-factor authentication, you have to generate app-specific randomly generated long passwords to use in your apps instead of your regular account password. + +**Note**: Your regular password won't work at all when prompted in third-party apps if you enabled two-factor authentication. + +You can generate as many app-specific passwords as you want, they will be shown once to you just after you generated it. +Just copy and paste it in your third-party app in the Friendica account password input field at this point. +We recommend generating a single app-specific password for each separate third-party app you are using, using a meaningful description of the target app (like "Frienqa on my Fairphone 2"). + +You can also revoke any and all app-specific password you generated this way. +This may log you out of the third-party application(s) you used the revoked app-specific password to log in with. + +## Trusted browsers + +As a convenience, during two-factor authentication it is possible to identify a browser as trusted. +This will skip all further two-factor authentication prompt on this browser. + +You can remove any or all of these trusted browsers in the two-factor authentication settings.