Two-Factor Authentication

What is two-factor authentication?

Two-factor authentication is a security process that adds an extra layer of protection to MyAPNIC. It uses Time-based One-Time Passwords (TOTP), so when you sign into MyAPNIC and enable two-factor authentication, you will be required to enter a six-digit security code generated by an authenticator application in addition to your password. When you enter your six-digit security code, you will get the option to remember your security code. By selecting this option, the authentication will be valid for a period of 30 days for that device.

Two-factor authentication will also enable you to perform certain privileged functions within MyAPNIC such as:

• Online voting for APNIC EC and NRO NC
• Resource Certification

Please note, you will no longer be able to use your APNIC digital certificate once you have enabled two-factor authentication.

How do I enable two-factor authentication?

Before you enable two-factor authentication in MyAPNIC, you need to install an application that supports TOTP in your smart phone or tablet. Any application that supports TOTP can be used for two-factor authentication. Here are some apps you could install:

• Google Authenticator (Android, iOS, BlackBerry)
• FreeOTP (Android)
• HDE OTP Generator (iOS)
• DUO Mobile (Android, iOS)
• Authenticator (Windows Phone)
• Authy (iOS, Android, BlackBerry)

If you need to install the Google Authenticator application in your smart phone or tablet, please visit the Google Play Store for Android devices, or the App Store for iPhone, iPod Touch, or iPad devices.

Please visit the Windows Phone Store to install the Authenticator application for Windows devices.

or open the URL http://m.google.com/authenticator on your BlackBerry.

Once you have installed the authenticator application, login to your MyAPNIC account and follow the steps below:

1. Go to Personal Settings, select the ‘Security’ tab, then ‘TOTP’ to display a QR code and a ‘Secret code’
2. Start your ‘Authenticator app’ and scan the QR code displayed or manually enter the ‘Secret code’. Your App will then generate a six-digit security code.
3. Enter your six-digit security code and click on confirm, then log out of MyAPNIC to complete the setup.

For more information, please see the Guide for enabling TOTP two-factor authentication in MyAPNIC document.

What if I can’t generate a security code?

If you cannot login to MyAPNIC because you changed your mobile device and cannot generate your security code, please contact the APNIC Helpdesk.

What if I don’t have or want to use a smartphone?

A smartphone with an authenticator app makes it very easy to use two-factor authentication, but in principle you can use any application that is capable of generating TOTP.

Given below are two applications which do not require smartphones:

1. OATH Toolkit

The OATH Toolkit allows you to generate security codes from the command line. Please note, this software is for Linux.Unix. The man page will give you details on how to use the application.

2. OTP Manager

The OTP Manager is a simple application for managing One Time Password (OTP) tokens. It is also available for OS X. For more information on OPT Manager, please read the documentation.

Can I disable two-factor authentication after enabling it?

Yes. Two-factor authentication is optional but required to perform certain privileged functions within MyAPNIC. You can disable the functionality on the ‘TOTP’ tab of your My Profile page.