The WTSS 2FA procedure
In addition to the standard username/password login, the WTSS portal can be activated with a two-factor authentication procedure. This can be set on the company, department, or user level. When any of these three levels are active, users must use 2FA while logging in to the WTSS portal.
The 2FA procedure starts after the standard login, after filling in the username/password combination.
The user is requested to select a method to verify via 2FA. At the moment, only plain mail is supported and therefore preselected. When the user clicks on the ‘Send code’ button, a code is generated and sent to the user via mail.
Below is an example of the mail a user will receive. It contains the code and the date and time it will be valid.
The user is then requested to fill in this code on the website. After clicking ‘Continue,’ the system will check the code internally. If the code is correct, the user will be logged in and redirected to their post-login page. However, if the code is incorrect, a message will be shown, and the user is requested to try again. After three wrong attempts, the account is blocked for security reasons. The user must then contact the WTSS support team to unlock the account.
If the user does not receive the mail within a few minutes, they can request that a new one be sent via the ‘Resend code’ button. When a new code is generated, the old one will be invalidated.
Example of an incorrect code: