Two-Factor Authentication

What is two-factor authentication?

Two-factor authentication is a security process that adds an extra layer of protection to MyAPNIC. It uses Time-based One-Time Passwords (TOTP), so when you sign into MyAPNIC and enable two-factor authentication, you will be required to enter a six-digit security code generated by an authenticator application in addition to your password. When you enter your six-digit security code, you will get the option to remember your security code. By selecting this option, the authentication will be valid for a period of 30 days for that device.

Two-factor authentication will also enable you to perform certain privileged functions within MyAPNIC such as:

  • Online voting for APNIC EC and NRO NC
  • Resource Certification

Please note, you will no longer be able to use your APNIC digital certificate once you have enabled two-factor authentication.

How do I enable two-factor authentication?

Before you enable two-factor authentication in MyAPNIC, you need to install an application that supports TOTP in your smart phone or tablet. Any application that supports TOTP can be used for two-factor authentication. Here are some apps you could install:

If you need to install the Google Authenticator application in your smart phone or tablet, please visit the Google Play Store for Android devices, or the App Store for iPhone, iPod Touch, or iPad devices.

Please visit the Windows Phone Store to install the Authenticator application for Windows devices.

Download from the Windows Phone Store

or open the URL on your BlackBerry.

Once you have installed the authenticator application, login to your MyAPNIC account and follow the steps below:

  1. Go to Personal Settings, select the ‘Security’ tab, then ‘TOTP’ to display a QR code and a ‘Secret code’
  2. Start your ‘Authenticator app’ and scan the QR code displayed or manually enter the ‘Secret code’. Your App will then generate a six-digit security code.
  3. Enter your six-digit security code and click on confirm, then log out of MyAPNIC to complete the setup.

For more information, please see the Guide for enabling TOTP two-factor authentication in MyAPNIC document.

What if I can’t generate a security code?

During the two-factor authentication setup process, you will receive a 32-character one-time backup security code. It is very important that you take note of the code down and keep it safe. If you ever accidentally delete the authenticator app, have an empty phone battery, lose your phone, or there is some other reason why you cannot generate a security code, you will need this backup security code to sign into your MyAPNIC account.

When signing in, you will be asked to enter your six-digit security code. If you cannot generate it, enter your 35-digit one-time backup code. This will disable TOTP and log you into your account, allowing you to set up a new TOTP on your phone or tablet. If you cannot login to MyAPNIC and you do not have your backup security code, please contact the APNIC Helpdesk.

What if I don’t have or want to use a smartphone?

A smartphone with an authenticator app makes it very easy to use two-factor authentication, but in principle you can use any application that is capable of generating TOTP.

Given below are two applications which do not require smartphones:

1. OATH Toolkit

The OATH Toolkit allows you to generate security codes from the command line. Please note, this software is for Linux.Unix. The man page will give you details on how to use the application.

2. OTP Manager

The OTP Manager is a simple application for managing One Time Password (OTP) tokens. It is also available for OS X. For more information on OPT Manager, please read the documentation.

Can I disable two-factor authentication after enabling it?

Yes. Two-factor authentication is optional but required to perform certain privileged functions within MyAPNIC. You can disable the functionality on the ‘TOTP’ tab of your My Profile page.