Two-factor authentication is an additional layer of protection for your Magnus Box Server administrative login account. When this feature is enabled, an additional device (such as a cellphone app or a hardware token) is also required to log in to the web interface. This means that a stolen password alone is insufficient to break into the web interface.
The Magnus Box application supports two-factor authentication for administrator accounts in compliance with the TOTP standard. This standard describes a six-digit code that changes every 30 seconds.
You can enable TOTP-based two-factor authentication for your account as follows:
- Click the "Regenerate TOTP code" button.
- Scan the displayed QR code with any TOTP application.
  At the time of writing, we recommend the following applications:
  - Android: FreeOTP, Google Authenticator, Authy
  - iOS: FreeOTP, Google Authenticator, Authy
- Configure Magnus Box so that a TOTP code is required to log in to the web interface.
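As an added illustration of the TOTP standard described above (not Magnus Box's own code), this Python example derives the six-digit, 30-second code and verifies a submitted one. The secret is the published RFC 6238 test key, and the clock-drift window and replay check in `verify` are assumed policy, not documented Magnus Box behaviour.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # code lifetime described on this page
DIGITS = 6         # code length described on this page

# Constructed sample input: the published RFC 6238 test key, not a real secret.
RFC_TEST_SECRET = b"12345678901234567890"


def totp(secret: bytes, unix_time: int) -> str:
    """Return the six-digit RFC 6238 code (HMAC-SHA1) for unix_time."""
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret, submitted, unix_time, last_used_counter=-1, drift_steps=1):
    """Return the accepted time-step counter, or None if the code is rejected.

    Assumed policy (not documented Magnus Box behaviour): tolerate
    +/- drift_steps of clock skew, and refuse any step at or below
    last_used_counter so an observed code cannot be replayed.
    """
    current = unix_time // STEP_SECONDS
    accepted = None
    for counter in range(max(0, current - drift_steps), current + drift_steps + 1):
        expected = totp(secret, counter * STEP_SECONDS)
        # Constant-time comparison on bytes, so non-ASCII input is handled too.
        same = hmac.compare_digest(expected.encode(), submitted.encode())
        if same and counter > last_used_counter:
            accepted = counter
    return accepted


if __name__ == "__main__":
    print(totp(RFC_TEST_SECRET, 59))              # RFC 6238 vector at T=59
    step = verify(RFC_TEST_SECRET, "287082", 59)  # first use is accepted
    print(step, verify(RFC_TEST_SECRET, "287082", 59, last_used_counter=step))
```

A verifier using this approach stores the returned counter per account and passes it back as `last_used_counter` on the next login attempt.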
FIDO U2F
This feature was added in Magnus Box 18.9.0.
Magnus Box supports using a hardware FIDO U2F token as two-factor authentication for administrator accounts.
Any compliant FIDO U2F token can be used. Magnus Box recommends YubiKey hardware.
FIDO U2F login and registration are only available if your Magnus Box Server is using HTTPS.
At the time of writing, Google Chrome has built-in support for FIDO U2F. Mozilla Firefox supports FIDO U2F after manually making a configuration change.
The YubiKey Family with FIDO U2F. Source: Yubico
You can enable FIDO U2F-based two-factor authentication for your account as follows:
- Click the "Register FIDO U2F token" button
- Touch your hardware token
- Configure Magnus Box so that a FIDO U2F key is required to log in to the web interface.