2 Step Verification

From CosmicPvP Wiki
Jump to: navigation, search

Two-Step Verification is a means to secure your account so that IF your account is compromised they will not be able to leave the hub, move, join any of the planets or harm your faction! It requires a security code that only you have. Regardless of how secure you believe your account is, this is peace of mind for you and your faction that NOBODY will be able to access your account, your PV's or harm your faction! We recommend ALL users use this.

Downloading an Authenticator

When downloading an authenticator for your Two-Step Verification, we recommend the use of Authy to ensure that your account can be recovered via a master password.
Authy also allows you to install the chrome extension and desktop application, enabling you to verify your account all on the comfort of your computer! In addition, Authy allows users to have the same account on multiple devices as long as you have verification.

Downloading Authy (Mobile)

On your mobile device, download the Authy app. You will be asked to connect your account with a phone number and an email address. You will then be asked to input verification code.
After, you will be asked to enter a backup password. Make sure this password is secure.

In settings, you MUST set up a master password to make sure your account is completely secure. We recommend making this password a long combination of characters, symbols, and numbers to provide you with the maximum amount of security, and least likely hood of being compromised.

Downloading Authy (Desktop)

On your Desktop/Laptop, visit the Authy download page which can be found here or install the Authy Chrome extension which can be found here.
Once installed, you will be prompted to enter your phone number. You will be asked to confirm that it is your phone number.

In settings, you MUST set up a master password to make sure your account is completely secure. We recommend making this password a long combination of characters, symbols, and numbers to provide you with the maximum amount of security, and least likely hood of being compromised.

In-Game Two-Step Verification

How do I set up Two-Step Verification?

Two-Step Verification can ONLY be done from the hub! First, you need to download Authy. Authy will provide you with your code.
The reason we recommend Authy is because it allows you to keep multiple authentication codes in one location (things like google authenticator codes, Microsoft authentication codes, twitch 2 factor authentication codes) as well, you are able to have the application on your phone as well as on your desktop/laptop etc. provided you use google chrome.
Once you have downloaded Authy, log in to CosmicPvP.com and execute the command /2fa and you will be prompted with the message below and a map.

To look at the map, just point your head downwards

2fa instructions.png

Open Authy and select "Add Account" and look down at the map in-game. It will be a QR Code that will be unique to your account and UUID.

2fa sample.png

Once you have scanned the QR code (or entered the Secret Key) into your Two-Step Verification application enter the code the application is provided you, into the in-game chat using /2fa < code provided by the application >.
Once complete you will be provided with 5 scratch codes. These are emergency back up codes if you lose access to your Two-Step Verification application.

Keep them in a safe place and do NOT share or lose them or you will be locked out of your account permanently!

2fa done.png

And complete!

If your IP address changes you will be prompted for your two-step verification code! If you need to remove Two-Step Verification simply log into your account on Cosmic and run /2fa remove.

Forums Two-Step Verification

Getting There

To enable Two-Step Verification wonder over here.

Now you'll be asked to re-enter your current password for your forums account to confirm it's actually you.
2fa forums.png

After you re-enter your password you'll have a screen that looks something like this.
2fa forums2.png


Now, before you go any further please read below first.

Benefits and Downfalls

Now, let's talk about the benefits and downfalls of both Methods.

Email Confirmation
Pros

  1. Everyone has universal access to their email and can use any device to see the email.

Cons

  1. If you have your email password the same as your forums password (you should never use the same password more than once) it makes Two-Step Verification useless.
  2. Easier for someone else to steal your verification code.

Verification Code via App
Pros

  1. Impossible to get your verification code without the person having access to your device.
  2. Your verification code changes about every 30 seconds.

Cons

  1. You have to have that device with you.

Ultimately the Verification Code via App would be the best way to receive your code and you don't even need a phone to use this Method (if you use Authy!)

Setup

Email Confirmation

After you click Enable on the other page for Email Confirmation you'll see the following page:

2fa email.png
Now, you'll get an email looking like this:

2fa email2.png
Put the code it emailed you in the Email Confirmation Code spot and press Confirm.

Vuala! Your Two-Step Verification is now fully setup! But wait there's more!

Verification code via App

The app we trust the most is Authy. The reason we recommend is Authy because you don't have to have a phone to use it. Authy is available for a phone and also currently for Google Chrome. You just need a Phone Number to be able to use Authy.

How-to

Now, on to the How do I set this thing up with this other device thingy?After you click Enable on the other page for Verification via App you'll see the following page:
2fa appauth.png

The two main things you should be looking at is the QR Code and the Secret Code. If you're using your phone then you could take a picture of the QR Code in the Authenticator App.
If you can't take a picture of the QR Code in the app or you're using a computer then you can use the Secret Code in replace of that. The Secret Code does the same thing but just takes a little longer since you have to type it out.
Now, the six-digit code in your Authenticator can be put in the spot for the Verification Code and you can press Confirm.

Vuala! Your Two-Step Verification is now fully setup! But wait there's more!

Last but not least!
After you're finished setting everything up your Two-Step Verification page should look something like this:
2fa appauth2.png
Where you see Backup Codes click Manage on the right-hand side and you'll see a page that looks somewhat like this:
2fa appauth3.png
Save your backup codes somewhere safe and somewhere you'll never lose them. If you lose them and lose access to your Authenticator you will be locked out of your forums Account forever. The codes act just like the codes your Authenticator app generates but these codes last forever.


NEVER EVER SHOW YOUR BACKUP CODES TO ANYONE! If you accidentally showed them to someone check the "Generate new backup" codes box and "Confirm Regeneration" and replace the other ones you've saved before.
And your forums account is all set! You now have increased protection!

Recovery Codes

If you have lost your Two-Step Verification device and do not have access to your backup codes, you can follow this guide to help you have the possibility of recovering them.


This process will include combing through your Minecraft log files in order to find the backup recover codes that were placed in chat as a message to you.
IMPORTANT: If you've reset your computer since setting up your /2fa OR deleted your .minecraft folder, then this method will not work for you. Your only other option is to go through your Recycle Bin and hope your old .minecraft is there.

Windows Recovery

In order to sift through these logs, you must download these programs:
  • WinRAR or 7-Zip
  • Notepad++
1: Hold your Windows key and R key to open the Run command.
2: In the box that reads Open, type %appdata% and then select OK.
3: Open the .minecraft folder at the very top.
4: Once inside the .minecraft folder, locate the logs folder.
5: Select the .log files via highlighting all of them, however DO NOT select the latest text document.
6: Once all highlighted, right click and click Extract files. This will bring up a prompt in which you select the OK button.
7: Open the new logs folder you have created and highlight ALL documents inside the folder. Once selected, right click and select 'Edit with Notepad++.
8: Once in the Notepad++ window, type "Control + F to open the find menu. From here, type a keyword from the 2FA Backup Codes message like LOCKED FOREVER. After that select Find All in All Opened Documents.
9: If the text has been recovered, you will have found a location as seen in your find box located at the bottom of the window. Double click the found text and it will take you to your recovery codes.


If your logs supply no hits, you can not find your recovery codes via this method.
If needed, click here for a more visual approach regarding locating your recovery codes.

OSX Recovery

1: Open Finder and click on Go on your top of your taskbar.
2: Hold Option and select Library.
3: Open the Application Support folder.
4: Locate and open the minecraft folder.
5: Once inside the minecraft folder, locate the logs folder.
6: Select the log files via highlighting all of them, however DO NOT select the latest text document.
7: Once all highlighted, right click and click Extract files. This will bring up a prompt in which you select the OK button.
8: Open the new logs folder you have created and highlight ALL documents inside the folder. Once selected, right click and open with 'TextEdit.
9: Once in the TextEdit window, type "Command + F to open the find menu. From here, type a keyword from the 2FA Backup Codes message like LOCKED FOREVER. After that select Find All in All Opened Documents.
10: If the text has been recovered, you will have found a location as seen in your find box located at the bottom of the window. Double click the found text and it will take you to your recovery codes.


If your logs supply no hits, you can not find your recovery codes via this method.