The security of two-step verification lies in its layered approach. Compromising multiple authentication factors presents a significant challenge for attackers. Even if an attacker manages to learn your Alliance ID password or somehow gain access to your identity provider, it is useless without also having possession of the additional authentication method. It works by requiring two or more of the following authentication methods:
- Something you know (typically the password for your Alliance ID or the password for your identity provider account)
- Something you have (a trusted device that is not easily duplicated, like a phone)
- Something you are (biometrics)
Right now, all our users must set up MFA as mandatory verification for their accounts. We are aware that this supposes an extra step on your login process so that we've been working on making it as easy as possible for you to go through this process.
This process gets triggered after you log in to your Alliance ID Account either by using an identity provider or a local account. If you have already provided us with know your phone number, you will see a screen like this one:
Otherwise, you will be prompted for your phone number as follows:
Phone Call verification.
If you select "Call Me", you will receive a phone call to your number asking you to press the # key of your dial pad to proceed. Once you do this, it'll be automatically detected and no further action will be needed. Awesome! You have now logged in successfully into your Alliance ID Account.
SMS Code Verification.
When you select "Send Code" a 6 digit code will be sent to your phone within the next 30 seconds. Place the code on the prompt panel and that's it. You have now logged in successfully into your Alliance ID Account!